Why Your Board Doesn’t Need A Security Expert

Would it surprise you if I said you didn’t need a dedicated cybersecurity expert on your board?

Don’t misunderstand: expertise in cybersecurity definitely is valuable to have on your board of directors. However, rather than identifying someone with deep information security expertise to understand and oversee digital risks, it is far more valuable to help all of your board members appreciate and evaluate the company’s cybersecurity posture through a general risk management lens.

A company’s security program needs to be contextualized in terms of corporate materiality for effective oversight. The IT leadership and C-suite should have the responsibility for translating cybersecurity implications to board members. Each board member should be equipped with the skills to judge digital risks and whether mitigation measures are appropriate for the business. Having board members bring their own diverse management backgrounds to help evaluate security issues can help identify gaps in the company’s risk management strategy that might not otherwise have been identified.

By making cybersecurity more approachable to non-expert board members, companies enjoy the benefits of a broader set of tools and experiences to evaluate and skillfully address potential pitfalls.

The Value of a Unified Risk Management Strategy

Weaving cybersecurity into the overall risk management strategy ensures seamless corporate governance.

In other words, the risks the enterprise faces in the digital domain should be understood and addressed consistent with any other form of risk that the organization faces. Cyber threats just happen to be found in the digital realm. That consistency is critical not only to achieve efficiencies across the organization, but also to prevent gaps in coverage. For example, investing in new cloud security capabilities may not be a priority for an organization whose infrastructure lives on premises, but if the company is rapidly shifting its operations to the cloud for (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Chris Finan. Read the original post at: https://mdr.intelligonetworks.com/blog/whyyourboarddoesntneedsecurityexpert