Yesterday Forbes featured an excellent article that explained why it is important for companies to create Board-level committees to focus exclusively on the issue of cybersecurity. Here is just a teaser but I encourage you to read the entire article.
Step one for every board is to understand that it is supposed to be offering oversight on these risks as part of its fiduciary duty. The board needs to assure there are internal controls in place to protect the corporation’s cyber assets. The stakes are high. A study found that up to $21 trillion in global assets could be at risk from cybercrime. What is needed is a solid board structure for monitoring and managing cyber risk in the company. To begin, I recommend a series of committee briefings so “cyber security” is demystified and better understood. However, given the complexity and dangers involved, I think the time has come for boards to create a dedicated cybersecurity technology committee.
read more: Why It’s Time For A Board-Level Cybersecurity Committee
Hey Shawn, the author makes some good points in the article, but what she misses is the fact that most CEOs and the C-suite for that matter are still seeing cyber security as an IT issue. Boards are beginning to show concern but rely on management for a plan. Management is looking to IT who is, in too many cases, claiming the network is secure, sometimes out of arrogance, other times out of ignorance and lack of expertise in the security area, and that up-time is great. Unfortunately for many companies the cyber security conversation gets pushed to IT and dies. What managers need to understand is that it is not a cyber security issue, it is a risk management issue. Leadership better begin to identify and address the risk, and then bring the board into the discussion.
Dave
David, thank you very much for sharing your insights – I agree 100% that it is time for everyone to realize this is no longer an IT issue (if it ever really was) and is now, perhaps, the biggest general business issue companies face because its impact transcends all aspects of the business environment. As you pointed out, the biggest challenge is often getting past the IT gatekeeper to which, quite naturally, company leadership looks to and asks “do we have an issue?” and the response is far too often “nah, we’ve got it covered” … until it hits the fan!
Reblogged this on tomhulsey and commented:
Great advice for the Board!