With news of data breaches, ransomware attacks, and zero-day vulnerabilities making headlines, cybersecurity is likely appearing even more frequently on the agenda in many board meetings. After all, no company wants to become the next brand on the front page of the Wall Street Journal or have its executives testify in front of Congress.
Boards Should Take Responsibility for Cybersecurity. Here’s How to Do It
Cybersecurity is likely appearing even more frequently on the agenda in many board meetings. This doesn’t mean that board members understand how to tackle the issue. After all, most board members have expertise in other forms of risk, and not in how to protect corporate assets from nation-state attackers and highly organized cyber adversaries. The good news is that there are several practical steps directors can take to protect their organizations that don’t require deep cyber expertise: help the CISO or CSO understand the business; ensure that security is included in discussions on new products and services; ensure that the organization develops and implements a cybersecurity curriculum; plan ahead for security incidents; and focus as much on culture as technology.