Cybersecurity is now a serious, enterprise-level risk and strategy challenge. Boards need to continuously assess their effectiveness in addressing cybersecurity, in terms of both their own fiduciary responsibility and their oversight of management’s activities. While the approaches taken by individual boards will vary, the principles in the ISA-NACD Cyber-Risk Handbook, and in the several versions adapted for various countries and regions now available around the globe, have been shown to offer a helpful blueprint and timely guidance.
Ultimately, the board’s role is to bring its judgment to bear and provide effective guidance to management, in order to ensure the cybersecurity program is appropriately designed and sufficiently resilient given the company’s strategic imperatives and the realities of the business ecosystem in which it operates.