News

Once, protecting organizations from cyber incidents meant protecting data. Executives were worried about leaking of personal information, steeling of customer lists, or fraud on credit cards but nowadays, it is much more than that, every new technological invention in the field of cybersecurity comes with an almost immediate update of hackers’ skills and reach.

Given the impact that this has on the life of the company, cybersecurity can no longer be an issue held uniquely by middle or low management, but it must concern the entire company, starting with the Board of Directors (BOD).

But what should directors do? How much should they be involved when it comes to cybersecurity?

To be able to assess this topic correctly, some directors have been asked what their current role in the matter is:

• 41% reported that the BOD is providing guidance to operating managers or Chief-level leaders
• 23% reported that the BOD is “generally aware” of what is done and that is ready to intervene if needed
• 14% reported that the BOD is participating in meetings to discuss a simulated cybersecurity emergency, also known as a tabletop exercise
• 22% reported the absence of a board plan or strategy

It is important to know that the BOD role, even in a critical matter such as cybersecurity, is overseeing. In fact, the BOD should make sure that its organization has a plan and is as prepared as possible, but it is not in charge of the development of such a plan. More specifically, while the BOD focuses on the strategy, cybersecurity professionals are concentrated on a technical, operational, and organizational level.

So, what is your board doing for cybersecurity?

Data Source: Harvard Business Review