Cybersecurity governance is becoming a top priority for boardrooms as cyber attacks become more expensive disruptive, dangerous and disruptive to companies. Some boards are introducing a new director competency of cybersecurity expertise to their list of competencies, while others are turning to contractors and other third-party service providers to bring cyber risk-related expertise into the boardroom. Some boards are employing an unpopular method of hiring hackers from red teams to test their systems to determine where they are vulnerable.

There is a gap between the goals boards announce and the actions they do to attain them. Our research shows that only 69% of board members report they regularly interact with their CISOs. A significant proportion of these board members only interact with their CISOs when presenting to the board. These gaps must be eliminated to ensure that the boardroom has enough visibility and dialogue regarding cybersecurity risk.

To bridge the cybersecurity gap, it is essential to make cybersecurity a part of every board’s agenda and involve directors in meaningful discussions regarding the threats they face. This requires changing the way the conversation takes place in the boardroom. This includes the creation of a specific agenda item, as well as introducing pre-read documents that can be used for more detailed discussions on cybersecurity issues during meetings. It is also necessary to make cybersecurity a top priority for the board and develop an environment of security-conscious business through the tone of voice from the top, and reward for those who are able to raise awareness regarding the risks.

www.greatboardroom.com/boardroom-information-security-questions-your-board-will-ask/