Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?

Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding.

The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders to fuel disciplined growth:

As the risk of breaches increases, boards – whose role when they oversee the CEO is to act as fiduciaries on behalf of shareholders– are increasingly at risk of falling short of their responsibilities. While board members are not expected to be experts on information security, they must make sure that the company has the right people and processes in place to erect defenses against information security violations, to establish procedures for monitoring the level of information security, and to make sure that the right steps are taken should a security breach occur.

Santarcangelo interviews Peter S. Cohan in this article and shares additional insight that all directors, CEOs, and CISOs need to understand about each of their respective roles in this process. Take the time to read this article.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s