Cybersecurity oversight is a key fiduciary responsibility for a board of directors and was a significant concern for companies even before the COVID-19 pandemic forced so many organizations to suddenly shift to remote work. Data breaches and other cyber threats pose significant competitive, reputational, and litigation risks and require increasingly costly investments to prevent, detect, and respond to. Changes in the environment as a result of the pandemic have created new risks that need to be managed with board oversight.
With a cyber breach considered by most experts to be inevitable, cyber risk must be part of the board’s overall risk oversight. Keep in mind that directors don’t need to be technologists to play an effective role in cyber risk oversight. Every board can take the opportunity to improve the effectiveness of its cyber oversight practices.
The board should ask the following general questions to understand cybersecurity risk:
- What are