With the rise in cyberattacks it is becoming increasingly important to have a boardroom information security expert is now a pressing business imperative. There are a lot of cybersecurity professionals who are eager to be appointed to this prestigious position. Having such an individual in the boardroom offers valuable knowledge for investors and management alike.
Unfortunately, many business executives view cyber security as an IT issue, rather than a strategic risk management problem. This is a grave mistake. As a business leader you have a fiduciary obligation to protect your company’s assets. This includes limiting the potential risks to yourself and your family.
This can be done by educating outside your IT department. This requires constant interaction with the C-suite as well as presenting security concepts to them in a manner that’s easily understandable, without using „geekspeak.”
When discussing cybersecurity in the boardroom, a CISO must be prepared to listen and address any concerns of potential board members. This allows the CISO the chance to evaluate the risks and strike an appropriate balance between them and the desired business benefits.
It is also crucial that board members are aware of how to reduce their own risk. This includes checking regularly your email and internet browser history. Additionally, they should only access the company’s board portal with a device that is specifically meant for this purpose and not the same device they use for surfing Facebook or shopping online. CISOs must also make sure that board members are part of the regular security education offered to all employees.