As cyber-attacks become more costly, disruptive and dangerous to businesses, cybersecurity governance is rapidly becoming a priority for boards. Some boards are adding a new director with cybersecurity expertise to their rosters, while others use contractors and third-party service providers to bring that expertise into the boardroom. Some take a more controversial approach: hiring red-team hackers to test the security of their systems and determine which vulnerabilities they may have.
But for many boards there is a gap between their stated priorities and the actions they take to address them. Our research has shown that just 69% of board members report being in regular contact with their CISOs, and a significant percentage of them communicate with their CISOs only during board meetings. These gaps must be addressed so that the boardroom is in a position to engage with CISOs and stay aware of cybersecurity risks.
To close the gap, it is essential to make cybersecurity a core part of every board meeting and to engage directors in meaningful discussions about the threats they face. This means changing the way the conversation is conducted in the boardroom: for instance, putting cybersecurity on the agenda and including it in pre-read materials so that meetings can hold deeper discussions of cybersecurity issues. It is also essential to make cybersecurity a top priority for the board, to establish an environment that promotes security through the tone set at the top, and to reward those who speak up about the risks.