The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

IERP® International Institute of Enterprise Risk Practitioners

Considerations for cybersecurity oversight in the boardroom

A little more than a year ago, Equifax disclosed to the public that it had experienced a cyberattack, during which hackers stole the names, Social Security numbers, birthdates, and addresses of 147.7 million Americans – more than half the US population. Since then, other major data breach incidents have been reported worldwide, involving—among many other entities—Facebook, fitness tracking app Strava, Adidas, Under Armour, and identification authority Aadhaar (compromising the personal information of all 1.1 billion Indian citizens registered under its service).

By now, it should go without saying that cybersecurity is not just an IT issue. Cybersecurity requires enterprise-wide awareness and effort. Cyberattacks hurt a company’s reputation and can cost it the trust of its customers and suppliers: it can be difficult to shake off the public view that your organization is unreliable or inefficient.

To a large extent, the success of your cybersecurity framework can be measured by how quickly you can detect and deal with breaches. If an organization is slow to detect or respond to a security breach, operational and legal costs will rapidly accumulate, not to mention the costs of crisis management. At the same time, employees are stuck dealing with the problem instead of going about their usual responsibilities.

Considering how much is at stake for a company, cyber risk needs to be near the top of the agenda during Board meetings. Some key considerations for cybersecurity oversight:

Defining board roles and responsibilities

Establishing clear roles for senior management and board members is key to ensuring accountability and ownership for cybersecurity oversight and cyber incident responses. Have the appropriate lines of communication been set up as part of a holistic cybersecurity framework?

Improving board knowledge

Encouraging board education programs on cybersecurity can empower board members with the confidence to be more proactive with cybersecurity. Board members do not need to be technical experts, but armed with the requisite knowledge, they can provide the perspective and knowhow on using cybersecurity as a competitive advantage.

Communication effectiveness and frequency

Organizations need to implement structures and processes that will enable a consistent and reliable flow of information. Boards should consider whether the quality and frequency of meetings and reporting are sufficient for the organization’s needs and objectives. Boards will not be able to make the right strategic decisions if they do not get relevant information in a timely manner.

Setting the tone at the top for organization-wide culture and competencies

In this volatile business landscape, there are evolving expectations for boards on their duties, transparency, innovation, and so on. Depending on the maturity of the organization’s cybersecurity framework, Boards can set the tone at the top for culture, review current capabilities and talent management, review response plans, and assess existing structures – so that senior management can make improvements.

What next?

These considerations are the tip of the iceberg when it comes to cybersecurity oversight. As cybersecurity grows ever more complex while technology continues to evolve, Boards have the opportunity to lead their organizations in implementing best practices and in becoming cybersecurity leaders in their industry.

Want to learn more? Deep-dive into this topic on our upcoming training program for board directors, Cybersecurity Oversight in the Boardroom, on October 22. Alternatively, find out more about our Qualified Risk Director (QRD®) certification program, designed to provide board directors with a holistic understanding of Enterprise Risk Management and Governance, Risk, and Compliance matters.
