The Challenge

Cybersecurity is no longer just the responsibility of the IT department. Boards of Directors have the ultimate role to ensure their organizations are identifying and mitigating key cybersecurity risks.

However only 39% of Boards and Executive Management Teams have a comprehensive understanding of information security to fully evaluate cyber risks and preventive measures, according to a recent study by EY.

The National Association of Corporate Directors (NACD) Director’s Handbook on Cyber-Risk Oversight outlines five principles that all corporate boards should consider “as they seek to enhance their oversight of cyber risks.”

  • Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
  • Directors should understand the legal and regulatory implications of cyber risks as they relate to their company’s specific circumstances.
  • Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the Board meeting agenda.
  • Directors should set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget.
  • Board-management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.

The challenge for Boards is how to ensure they are asking the right questions of management. How do they know they have the right focus, strategy and investment in protecting their critical assets? How well prepared is their company when something goes wrong?

How Cybersecurity4Executives Can Help

Cybersecurity Strategy Assessment

Provides the Board with an independent assessment of the company’s cybersecurity strategy and the investments made to protect the company from cybersecurity risks. Understand where improvements are needed in people, process and/or technology. A short time-boxed assessment designed to deliver high value insights to Board members.

Cybersecurity Executive Awareness Training

In-person or virtual cybersecurity awareness training for Board members focused on how to protect the company from cybersecurity risks. Includes guidance on key considerations for the Board, how to evaluate the organization’s security program, and how to prepare for a security incident.

Cybersecurity Breach Simulation

An interactive session with key Board members to rehearse and practice the real-time decision-making needed in a breach incident. Adapted to follow the company’s specific incident response plans. Board members will gain a better understanding of their role in responding to a cybersecurity breach when (not if) it happens.

Cybersecurity Mentoring

Ongoing support and mentoring to key Board members to help them identify, understand and evaluate the company’s cybersecurity program. Helps Board members keep up-to-date with key cybersecurity issues and trends and be able to make appropriate queries of management.