As cyber-attacks become more costly, disruptive and risky to businesses cybersecurity governance is fast becoming a top priority for boardrooms. Some boards are adding a new director’s expertise in cybersecurity to their board rosters, and others are turning to contractors and third-party service providers to bring cybersecurity expertise into the boardroom. Some are even employing a controversial technique: hiring hackers from red teams to test the security of their systems and find out which vulnerabilities they may have.
There is a disconnect between the goals boards set and the actions they do to achieve them. Our research has found that just 69 percent of board members say they are regularly in contact with their CISOs, and a significant proportion of those only interact with their CISOs during board presentations. These gaps must be filled so that the boardroom can be able to have a dialogue and recognize cybersecurity threats.
To close the cybersecurity gap, it’s essential to make cybersecurity a part of every board, and to engage directors in meaningful discussions about the dangers they confront. This means changing the way the discussion takes place in the boardroom. For instance, it is possible to introduce an agenda item for cybersecurity and pre-read materials to be used in meetings to discuss more in depth cybersecurity issues. It is also necessary to make cybersecurity a top priority for the board and establishing a security-focused business culture through leadership from the top, rewarding of those who increase awareness of risk and imposing consequences on the entire management team.
https://greatboardroom.com/recommendations-on-being-a-better-nonprofit-board-member/