
A cybersecurity failure may be viewed as a breach of the D&O DUTY OF CARE. Cyber attacks and threats are commonplace in today’s organizations. The more digitally native an organization’s infrastructure is, the greater the vulnerability and susceptibility. The adage PRIOR PROPER PLANNING PREVENTS PISS POOR PERFORMANCE is a gentle reminder to boards. Planning for cybersecurity is a verb requiring active board integrative thinking, dialogue and decision making. The greatest leverage to minimize and mitigate security breaches occurs long before trouble strikes.
Foresight Framework:
• Is there a cybersecurity program and strategy in place?
• Has an independent cybersecurity risk assessment been performed?
• Is the board well informed and knowledgeable about the organization’s current risk exposure?
• Does the board have an understanding of the integrated technology risk profile?
• Has the board defined norms considering risk types – acceptable & unacceptable?
• Are principles, roles, responsibilities, policies, practices & processes defined?
• Is cybersecurity integrated into the board dashboard & tabletops?
• Is the board current on the cyber regulatory, legislative and statutory landscape?
• Does the organization have a working relationship with law enforcement – local, state & fed
A CULTURE OF SECURITY IS A MUST: Cybersecurity is a team sport. You’re only as secure as the weakest link!