In the aftermath of a corporate cyber-attack, boards and the companies they govern are subjected to immediate public scrutiny and, in many cases, unwarranted criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area.
In my article, I explain that for corporations, this is the dawning of a new era of data breach and incident response, where trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year.
The remaining papers in this series will broadly cover the following topics:
- People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.
- Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
- Data Mapping and Encryption: the board’s oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.
By using these concerns as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but they can also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item, at the top of a board’s oversight agenda.