Cybersecurity: A Matter that Should Be Addressed by Company Boards


Cybercrime damages are expected to exceed $8 trillion USD this year, a figure that has sounded alarms among governmental agencies and Boards across the globe (Cybersecurity Ventures, 2022).

On one hand, agencies such as the United States Securities and Exchange Commission (SEC) are proposing new rules and standards that demand greater rigor and involvement from managerial positions associated with cyber-risk management, governance, and incident disclosure, as well as restructured reporting in which companies will have to take a deeper look at the impacts of cyber-attacks from different business perspectives.

On the other hand, Boards of Directors are becoming more and more aware of the importance of not only discussing but also addressing cybersecurity, and are acknowledging that its associated risks may be some of the most critical to manage, as they can have huge consequences on diverse fronts such as the reputational, financial, and operational.

To make sure your Board is well prepared to face the SEC’s new regulations and to develop a cybersecurity-awareness culture in which the subject is properly addressed, here are a few tips to consider:

  1. Make sure your Board has some actual expertise in cybersecurity, to ensure it’s capable of taking ownership of the subject. To do so, train your Board on cybersecurity essentials, the latest cybersecurity trends, and cyber risk factors.
  2. The Board should be aware of the SEC’s new regulations as well as those that already exist, depending on the country and industry in which the company is operating.
  3. Try to find cybersecurity experts that will be able to support cyber risk analysis and help interpret the company’s cybersecurity context.
  4. Constantly highlight the responsibilities the Board has regarding cybersecurity.
  5. Bring the company’s cybersecurity indicators to the Board and make sure they are properly analyzed, so that proper cybersecurity plans and actions are taken and circumstances that might get out of hand are effectively managed.
  6. Clearly know the cyber risks and ask important cybersecurity questions. These might include:

  • What are the “crown jewels” that the company must protect, and is management reviewing them and making changes?
  • Do we have a resilient contingency plan to deal with a cyber breach and the evolving cyber risk landscape?
  • Is there an actual strategy to hire the cybersecurity talent the company requires?

Involving your Board in cybersecurity matters will for sure enable a cyber-resilient culture in your organization and support cyber risk management from all angles!

Sources: Deloitte, Forbes, Cybersecurity Ventures, Seccuri

Written by: Sara Velásquez, Growth Lead at Seccuri
