Board members should be aware of their company’s cyber risks to ensure that they steer the organisation in the right direction. But it’s not always easy.
Cybersecurity has long been a field dominated by technologists working in remote server rooms. Cyber risk has since become a business risk that touches every part of a company, especially in the wake of recent major breaches such as those at Colonial Pipeline and Equifax.
Boards are now demanding more from their CISOs and security teams. Beyond spending more on new technology or making sure that staff receive proper training, board members need a clear and compelling vision of how a well-trained security team protects the organisation from the most sophisticated threats. That message must be conveyed in a way that non-technical executives in the boardroom can readily understand.
A good way to accomplish this is to align security with business goals and report on it with real-time metrics. Regular reports that show the progress of security measures, a falling risk index, and other key metrics give the board the information it needs to make decisions. Tell stories rather than only passing along numbers: a real-life example of how the board's prompt action helped avert a serious threat shows the value of its decisions far better than a figure alone.
www.greatboardroom.com/boardroom-information-security-questions-your-board-will-ask/