Data breaches. First, they were the concerns of CISOs and CIOs. Some even lost their jobs after overmediatized breaches. Then CEOs got the spotlight, especially as brand reputations were damaged and customers left angry and churning. Today, board members are increasingly more involved in discussions around companies’ cybersecurity and measures needed to prevent being thrown into the next big headline.
We’ve come a long way from the days where board members would ask: Are we secure? They are now requesting scorecards that measure company security posture. They are also asking more questions related to regulations and how security controls can help demonstrate compliance. Soon, we will see boards demanding quarterly cybersecurity briefings — some directly presented by the CISO — rather than relying on the occasional update from the company security committee.
via Cybersecurity And The Board — Forbes