Information Security: Setting the Boardroom Agenda
With cybersecurity threats steadily increasing and business dependence on technology, along with its attendant risks, higher than ever before, cybersecurity risks are now commanding board-level attention. But board members don't necessarily understand how to tackle the cybersecurity issue. After all, most board members have expertise in other forms of risk and not in how to protect corporate assets from nation-state attackers and highly organized cyber adversaries. That's why it's crucial to determine the board's responsibility for protecting information assets and its preparedness to fight cybercrime.
Where does cybersecurity fit in the board's accountability to all company stakeholders? Does the board understand cybersecurity risk management? Should boards review annual budgets for privacy and security, assign roles and responsibilities, and get regular briefings on cyber issues? What should the board understand about cybersecurity, and what can it do to eliminate obstacles that prevent organizations from developing a culture of proactive security?