
Cybersecurity for enterprise boards is multidimensional

2022-04-04

In a post on the Harvard Law School Forum on Corporate Governance titled "Cybersecurity: An Evolving Governance Challenge", the authors highlighted the following three main issues. I have added a fourth at the end.

A new and different challenge for boards. Cyber threats are constantly evolving, and the motivations and actions of bad actors are extraordinarily difficult to understand and predict.

A wide variety of oversight structures. As cyber threats morph and grow, society is holding the boards of giant companies to account for failures to protect information assets and maintain the integrity of their company assets.

Complex interactions between directors and management. In many companies, boards entrust the chief information security officer (CISO) with responsibility for cybersecurity. But technology is so pervasive, information so distributed, and cybercrime so fluid that reports from the CISO to the board are, at best, table stakes in cyber assurance.

Cybersecurity is a multidimensional issue. In addition to being familiar with the operational aspects of cybersecurity, boards must understand how to integrate that risk with overall enterprise risk and meet the evolving regulations from governments and nations. A once-a-year review is not enough; boards must demonstrate that they are actively monitoring their cyber risk on an ongoing basis.

What is required is a set of global board governance best practices, modelled on the ISO/IEC 27001 information security standard for operations, but which reflects the board issues mentioned above.

By demonstrating conformance to such global standards, company and enterprise boards can prove that they are meeting their fiduciary duty of care.