Cybersecurity is now a serious, enterprise-level risk and strategy challenge. Boards need to continuously assess their effectiveness in addressing cybersecurity, in terms of both their own fiduciary responsibility and their oversight of management’s activities. While the approaches taken by individual boards will vary, the principles in the ISA-NACD Cyber-Risk Handbook, and the several versions adapted for various countries and regions now available around the globe, have been shown to offer a helpful blueprint and timely guidance.
Ultimately, the board’s role is to bring its judgment to bear and provide effective guidance to management, in order to ensure the cybersecurity program is appropriately designed and sufficiently resilient given their company’s strategic imperatives and the realities of the business ecosystem in which it operates.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS, the G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.