Leading companies view cyber risks in the same way they do other critical risks—in terms of a risk-reward trade off. This is especially challenging in the cyber arena for two reasons. First, the complexity of cyber threats has grown dramatically. Corporations now face increasingly sophisticated events that outstrip traditional defenses. As the complexity of these attacks increases, so does the risk they pose to corporations. As noted above, the potential effects of a data breach are expanding well beyond information loss to include significant damage in other areas. Second, competitive pressures to deploy increasingly cost-effective business technologies often affect resource investment calculations. These two competing pressures on corporate staff and business leaders mean that conscientious and comprehensive oversight at the board level is essential.
NACD, in conjunction with AIG and the Internet Security Alliance, has identified five steps all corporate boards should consider as they seek to enhance their oversight of cyber risks. The handbook is the first private-sector resource to be featured on the U.S. Department of Homeland Security’s US-CERT C3 Voluntary Program website.
Go to this page to ask for the free handbook: