In today's digitally driven world, cyber threats pose a significant risk to organizations of all sizes and industries. As stewards of their companies' success and security, board members play a crucial role in safeguarding sensitive information and ensuring business continuity. Threats from within are on the rise as employees are being duped into releasing sensitive information.
While the Securities and Exchange Commission (SEC) is promoting more reporting and controls around cyber risks for public companies, the same guidelines are best practices for private companies. Board members should begin by creating a robust cybersecurity governance framework. This framework should outline roles, responsibilities, and reporting structures within the organization. In many instances, the Audit Committee under the enterprise risk mandate can work with the Chief Information Officer (CIO), Chief Information Security Officer (CISO), General Counsel (GC), and Chief Financial Officer (CFO) to promote further awareness alongside a cyber committee of the Board.
Board members should champion a cybersecurity-aware culture within the organization. Employee training and awareness programs that ensure everyone understands their role in safeguarding sensitive information should be imperative, and they should be reported on during board meetings. Safety first... and more to follow.
© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.