Cybersecurity Oversight Belongs in the Boardroom
Strategic Cyber Road-map for the Board
The impact of a cyber attack on an organization’s brand, reputation, and business operations can be catastrophic. Because of this risk, cybersecurity has catapulted to the top of boards’ lists of concerns. Boards today are not just responsible for overseeing risk – they are held liable for their company’s failure to adequately mitigate those risks.
The need for board-level responsibility for cybersecurity is generally accepted but not always applied. To change this, the Cybersecurity Disclosure Act was introduced in the US Senate in late March; it would force publicly traded companies to disclose to regulators whether there is cybersecurity expertise on the board. The bill proposes just three requirements, administered by the Securities and Exchange Commission (SEC): that annual reports to the SEC must disclose the level of cybersecurity expertise on the board; or, if none exists, what “other cybersecurity steps taken by the reporting company were taken into account”; and that the definition of what constitutes that expertise should come from the SEC in consultation with NIST.
Boards must ensure that cybersecurity is viewed as an enterprise risk issue, not just an IT topic, and that discussion of cybersecurity gets adequate time on the board agenda and with management. They should be asking themselves: Are we doing enough? Am I asking the right questions?
We provide security executives who can brief a board on cybersecurity and drive a strategy specifically addressing your organisation’s most pressing technology-related risks. Learn more about our tailored cybersecurity report for board members, directors and senior management. For additional information, please contact us using the form below.