The Steps Your Board Must Take When Overseeing Cyber Risk

Inside America's Boardrooms
Although cyber risk has become a standard area of oversight for today's boards, it remains one of the most challenging risks for board members to get their arms around. A majority of today's directors did not face cyber attacks during their business careers, and now they find themselves tasked with protecting a company's most valuable assets from unknown disruptors.

In this episode, Michael Kaiser, now former Executive Director of the National Cyber Security Alliance, offers a roadmap for today's boards. First and foremost, Kaiser says, board members shouldn't be afraid of cyber risk:

"[Boards shouldn't] think that [cyber] is something so technical and brand new that they don't have a handle on it. Boards have dealt with risks of all kinds within their organizations in the past - they have adopted new risks over time. If they're skilled and feel confident doing that, then they should feel confident about cyber." (Michael Kaiser, Executive Director, National Cyber Security Alliance)

Kaiser advocates a holistic plan for cyber oversight and outlines the first steps boards must take to protect their companies from cyber attacks. He emphasizes that "not all risks are created equal for all organizations". Instead, each board must approach cyber oversight through the lens of its own company operations. In this episode, we cover:

  • What steps should the board be taking in a holistic approach to cyber oversight?
  • In what ways is cyber risk similar to (and different from) other areas of board oversight? Why should boards consider "the human element" when outlining a strategy for protection?