Don't put cybersecurity on CISOs' shoulders: why board members aren't doing enough

Corporate board members should be held more accountable to verify cybersecurity risks and ask questions about cyber efforts, governance experts told The Wall Street Journal

While board members say they are more informed, they often fail to ask management specific questions. Additionally, board members don't demand metrics to measure the effectiveness of cybersecurity efforts, according to speakers at the National Association of Corporate Directors.

Rather than simply putting all cybersecurity efforts into the hands of the chief information security officer, all directors and executives need to take on more responsibility.

Starbucks’ CISO David Estlick recommends directors quiz their security teams and business executives about cybersecurity processes and procedures. This, he says, can change the company’s culture. 

Abhi Shah, vice chairman of legal consultancy Morae Global Corp., recommends boards and executives vet the information they are given by hiring outside firms to conduct penetration tests. 

“There’s a lot of patting ourselves on our backs that we’ve gotten this far,” said Valerie Abend, managing director of Accenture’s security division, according to WSJ. “If you think the CISO alone is going to protect our organization, you’re mistaken.” 
