What Every Board of Directors Should Know about Managing Risk in their Organization

The primary responsibility of any board of directors is to secure the future of the organization(s) they oversee. To do so, board members need consistent access to information on circumstances and risks that could affect the future of the organization. Cybersecurity is a prime example of information that directly affects the wealth and future prospects of an organization but has heretofore not been subject to board level review and oversight.

However, in the wake of the devastating number of high-profile cyber-incidents and their significant financial and legal ramifications, cybersecurity is no longer a topic that can be left solely to the IT department. It is now essential that the board ask strategic and thoughtful questions on how well the organization they oversee is prepared to face the new world of high-risk data breaches and realize continued success in these tumultuous times.

Identifying five key tenets of cybersecurity oversight, this document provides a non-technical overview on cybersecurity and provides recommendations for the topics that every board member should consider.