Board-Level Security

…investors would benefit from greater availability and comparability of disclosure by public companies across industries regarding their cybersecurity risk management, strategy, and governance practices in order to better assess whether and how companies are managing cybersecurity risks

What Should Directors Do Now?

[Figure: World Economic Forum Six Principles for Cyber Risk Governance (2021): cybersecurity as a strategic business enabler; understand the economic drivers and impact of cyber risk; align cyber-risk management with business needs; ensure organizational design supports cybersecurity; incorporate cybersecurity expertise into board governance; encourage systemic resilience and collaboration.]
  • Understand and approach cybersecurity as a strategic, enterprise risk, not just an IT risk.
  • Understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
  • Set the expectation that management will establish an enterprise-wide, cyber-risk management framework with adequate staffing and budget.
  • …include identification and quantification of financial exposure to cyber risks and which risks to accept, mitigate, or transfer, such as through insurance, as well as specific plans associated with each approach.
  • Know your organization’s risk tolerance.
  • Educate yourself about cyber risks and how they are managed in your organization.
  • Have your board committees organized so that appropriate attention can be paid to cyber risk, including having a Director who is a subject matter expert.
  • Ensure the cyber risk program is incorporated throughout your organization and is appropriately funded.

Why Directors Struggle to Govern Cyber Risk

Knowing Your Risk Tolerance

Educate Yourself on Cyber Risks

Be Organized

You can hire a CTO or CIO, but unless they have sat in the seat of managing a Security Program, they do NOT have the necessary expertise to advise you on how to manage cybersecurity risk.

Incorporate Security Everywhere, and Fund It

“How much company value is cybersecurity protecting/enabling, and are we investing in security enough to protect our value?”

Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen