What Boards Really Need to Know About Cyber Security
Delta Risk’s Founder and Executive Chris Fogle dives into the subject of cyber security perspectives for boards and business executives. In addition to presenting on this topic today at CyberTexas 2016, he took a few minutes with The CyberWire Friday podcast to discuss board responsibility when it comes to cyber security. Listen in at the 13:40 mark.
Board Responsibility for Cyber Security
When it comes to corporate fiduciary duties, boards of directors are legally held to an ethical standard and duty of care that requires safeguarding the financial and reputational interests of the company and its shareholders. They can’t take a passive approach. They have to practice due diligence, dedicate time for research, and verify the business landscape before they make their decisions.
On the whole, board members are intimately familiar with their business and they are experienced in the issues facing their companies. However, when it comes to assessing the cyber security threat landscape and how it impacts their business, there has been a steeper learning curve.
Board members don’t always understand the threats, and they don’t have the experience handling today’s most common issues surrounding cyber-attacks and data breaches.
But things are getting better. Boards are becoming better versed in cyber security issues. Their companies are gaining more insights into the methods and approaches needed to effectively manage cyber security risk. Boards of directors also understand that there is a sharp difference between compliance and security, and the two states shouldn’t be regarded the same way.
While there has been an increase in cyber security awareness, there has also been a corresponding decrease in board confidence that their company’s leaders and security staffs can manage the daily battles against sophisticated and persistent threat actors. They are much less confident in the assurances they’ve been given by their security teams that the company is doing all it can.
Addressing this confidence issue is paramount. The first step is for boards to enlist the right resources to arm their staffs with the capabilities to combat cyber security threats. In terms of resources, there’s no shortage of security advice and services available to boards and company leadership. How do boards invest in the right services to form their cyber security strategy?
In part II of our blog, we will discuss the near-term investment strategy board members can employ to better manage critical cyber security issues such as handling cyber security insurance, managing third-party vendor risks, and approaching cloud security in today’s business environment.