The Steps Your Board Must Take When Overseeing Cyber Risk

Episode Summary

Although cyber risk has become a standard area of oversight for today’s boards, it remains one of the most challenging risks for board members to get their arms around. A majority of today’s directors did not face cyber attacks during their business careers, and now they find themselves tasked with protecting a company’s most valuable assets from unknown disruptors.

In this episode, Michael Kaiser, Executive Director of the National Cyber Security Alliance, offers a roadmap for today’s boards. First and foremost, Kaiser says, board members shouldn’t be afraid of cyber risk:

[Boards shouldn’t] think that [cyber] is something so technical and brand new that they don’t have a handle on it. Boards have dealt with risks of all kinds within their organizations in the past—they have adopted new risks over time. If they’re skilled and feel confident doing that, then they should feel confident about cyber.
— Michael Kaiser, Executive Director, National Cyber Security Alliance

Kaiser advocates a holistic plan for cyber oversight and outlines the first steps boards must take to protect their companies from cyber attacks. He emphasizes that “not all risks are created equal for all organizations”; each board must instead approach cyber oversight through the lens of its own company operations. In this episode, we cover:

  • What steps should the board be taking in a holistic approach to cyber oversight?
  • In what ways is cyber risk similar to (and different from) other areas of board oversight?
  • Why should boards consider “the human element” when outlining a strategy for protection?

Don’t Miss Additional Resources on Cyber Risk

Which board committee (if any) should own cyber risk? What kind of liability could the board be faced with in the wake of a data breach? These are just a few of the topics we tackle in the Episode, Insights & Events on our Cyber Risk page.
