Don't put cybersecurity on CISOs' shoulders: why board members aren't doing enough

Corporate board members should be held more accountable for verifying cybersecurity risks and asking questions about cyber efforts, governance experts told The Wall Street Journal.

While board members say they are more informed, they often fail to ask management specific questions. Additionally, board members don't demand metrics to measure the effectiveness of cybersecurity efforts, according to speakers at the National Association of Corporate Directors.

Rather than simply putting all cybersecurity efforts into the hands of the chief information security officer, all directors and executives need to take on more responsibility.

Starbucks’ CISO David Estlick recommends directors quiz their security teams and business executives about cybersecurity processes and procedures. This, he says, can change the company’s culture. 

Abhi Shah, vice chairman of legal consultancy Morae Global Corp., recommends boards and executives vet the information they are given by hiring outside firms to conduct penetration tests. 

“There’s a lot of patting ourselves on our backs that we’ve gotten this far,” said Valerie Abend, managing director of Accenture’s security division, according to WSJ. “If you think the CISO alone is going to protect our organization, you’re mistaken.” 

© Copyright ASC COMMUNICATIONS 2021.
