The Boardroom Gap: How to Close the Gap Between Board Priorities and Actions

As cyber-attacks become more costly, more disruptive, and a greater threat to businesses, cybersecurity governance is quickly becoming a priority for boards. Some boards are adding a director with cybersecurity expertise to their rosters, and others are turning to contractors and other third-party service providers to bring cyber-risk expertise into the boardroom. Some are even employing the unpopular method of hiring red-team hackers to test the security of their systems and determine which vulnerabilities they may have.

For many boards, there is a gap between their stated priorities and the actions they take to address the issues they have identified. Our research has found that just 69% of board members report that they regularly interact with their CISOs, and a significant portion of them talk with their CISOs only during board meetings. These gaps must be closed to ensure that cybersecurity risks receive adequate visibility and discussion in the boardroom.

To close the gap, it’s crucial to make cybersecurity a central part of every board meeting and to involve directors in meaningful discussions about the threats they confront. This requires changing the way conversations take place in the boardroom, including a dedicated agenda item and pre-read material that supports deeper discussion of cybersecurity issues during meetings. It also requires making cybersecurity a top priority for the board and establishing a security culture in the business through high-level leadership, rewards for those who raise risk awareness, and consequences for the entire management team.
