Cybersecurity governance is now a priority in boardrooms as cyber attacks become more costly, dangerous and disruptive to businesses. Some boards add cybersecurity expertise to their list of director qualifications. Others rely on contractors and third-party service providers to bring cybersecurity expertise into the boardroom. Some are even employing a controversial method: hiring red team hackers to test the security of their systems and find out which vulnerabilities they may have.

There is a gap between the priorities that boards declare and what they do to accomplish these goals. Our research indicates that only 69% of board members report that they regularly interact with their CISOs. A large portion of these board members only interact with their CISOs when they present to the board. These gaps need to be filled so that the boardroom is capable of having a dialogue about cybersecurity risks and understanding them.

To close the gap, it’s critical to make cybersecurity a key element of every board meeting and to involve directors in meaningful discussions about the dangers they confront (www.greatboardroom.com/boardroom-information-security-questions-your-board-will-ask/). This requires changing the way the discussion takes place in the boardroom. This could include creating a specific agenda item and introducing pre-read materials that facilitate more detailed discussions on cybersecurity issues during meetings. It is also necessary to make cybersecurity a board-wide priority and to establish a secure culture in the business through emphasis from the top, rewarding those who speak up about risk awareness, and imposing consequences on the entire management team.
