May 2, 2018
As a member of your company’s board, you know that cybersecurity is a critical risk that simply cannot be ignored, and that should be reported on regularly by the appropriate executives. According to the 2017 NACD Director’s Handbook on Cyber-Risk Oversight, 89 percent of public-company directors say cybersecurity is discussed regularly in board meetings, and 72 percent of private-company directors say the same. Most companies are clearly moving in the right direction.
However, not all directors are familiar with cybersecurity operations or with how to assess the associated risks. If you’re a newer member of your company’s board, you may wish to review the following topics, which you should expect security and risk teams to cover in their cybersecurity presentations.
Navigating Your First Briefing
If this is your first time listening to a cybersecurity presentation at a board meeting, you can expect the chief information security officer, or CISO, to provide a short background on the company’s cybersecurity practices and on how the organization defines cybersecurity. They’ll also discuss how the board should approach oversight of cybersecurity. The most effective CISOs talk in terms of risk management, which means cutting out technical jargon and focusing on business value. They may also draw the board’s attention to cybersecurity’s impact on stock price and the bottom line to establish a common language.
Below are some of the topics you can expect to be reviewed:
What to Expect Going Forward
Now that you’ve experienced your first cybersecurity presentation as a board member, you can expect that the CISO will continuously educate you and the rest of the board on critical issues. You can expect to be briefed on the effectiveness of the risk management tactics the company is employing. In other words, you should know where and how the company is succeeding or failing (and how that compares to previous quarters), as well as any areas that need strategic improvement.
Here are some topics you can expect from the CISO in their ongoing security presentations to you and the rest of the board:
There is a lot to consider and process when listening to an effective cybersecurity presentation. Be sure to prepare yourself beforehand so that you know what to expect and can contribute to future meetings accordingly.
Tom Turner is CEO and President of BitSight.