Board Members and Executives Take Note: Cybersecurity Is Not an IT Issue

Chris Reffkin
| 2/15/2016
risk-16005-015q-blog-image3

In today’s business world, cybersecurity is no longer relegated to a dark IT room with flickering lights. Cybersecurity now receives the attention it rightfully deserves as a key risk and performance indicator for organizations. Critical cybersecurity data breaches can lead to the dismissal of CEOs, chief information officers, and chief information security officers.

The board of directors and C-suite should be engaged in the governance of and helping to set strategy for the organization’s cybersecurity. This is especially important given that good cybersecurity governance has a risk management component. Defining acceptable levels of risk for the organization and owning that risk typically occurs at an organization’s highest levels.

Executives don’t need to become cybersecurity professionals; instead, the C-suite needs to know the right questions to ask, governance policies to set, and strategy to put in place to oversee cybersecurity effectively. Management shouldn’t shy away from educating the board, which ultimately is responsible for the impact of cybersecurity on the organization.

Executives may need assistance to gain confidence in the area of cybersecurity. Most organizations already have some external oversight that the C-suite relies on, and cybersecurity should be no different.