As cyber attacks become more costly and disruptive and pose a threat to businesses, cybersecurity governance is rapidly becoming a top boardroom priority. Some boards add cybersecurity expertise as a new director’s skill on their board rosters. Others rely on contractors and third-party service providers to bring cyber-risk expertise into the boardroom. Some are even employing a controversial technique: hiring red team hackers to test the company’s systems and discover their weaknesses.
For many boards, there is an inconsistency between their stated priorities and the actions they take to address those priorities. Our research has shown that just 69 percent of board members say they regularly see eye-to-eye with their CISOs, and a significant proportion of those only interact with their CISOs during board presentations. These gaps must be addressed to ensure that the boardroom is in a position to engage with CISOs and recognize cybersecurity dangers.
To close the cybersecurity gap, it’s vital to ensure that cybersecurity is an integral part of every board and to engage directors in meaningful discussions regarding the risks they face. This means changing the way conversations take place in the boardroom. This could include having a dedicated agenda item and introducing pre-read materials that can be used for more detailed discussions on cybersecurity issues during meetings. It is also essential to make cybersecurity a top priority for the board and create a security-minded business culture through the tone set from the top and rewards for those who raise awareness of the risk.