CII’s “Investor Guide to Engagement on Cyber Risk”

Foreword:

As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies and their investors are coming to terms with a grim reality: Data breaches, or cyber incidents, are no longer a matter of if but when. Having put to rest rose-colored notions of eliminating this threat, investors are looking to boards for leadership in addressing the risks and mitigating the damage associated with cyber incidents.

Cybersecurity is an integral component of a board’s role in risk oversight. Directors have the authority, capacity and responsibility to make pivotal contributions in this area by ensuring adequate resources and management expertise are allocated to robust cyber risk management policies and practices, and ensuring disclosure fairly and accurately portrays material cyber risks and incidents.

To achieve these objectives, directors need not develop advanced technical expertise. Nor do directors need to support unrestrained capital spending on any project with a “cyber” prefix. Directors need to:

• understand management’s cybersecurity strategy;

• learn where cybersecurity weaknesses lie; and

• support informed, reasonable investment in the protection of critical data and assets.

This publication is intended to help investors communicate one central message: Effective cybersecurity risk management starts with the board. Users should expect companies of various sizes, industries and cyber risk profiles to bring different strategies, in varied stages of implementation, in response to this massive and growing challenge.

Read full publication here.

Source: Council of Institutional Investors – http://www.cii.org/content.asp?contentid=51

About BDTI

The Board Director Training Institute (BDTI) is a “public interest” nonprofit in Japan dedicated to training about directorship, corporate governance, and related management techniques. It is certified by the Japanese government to conduct these activities as a regulated nonprofit. Read a summary about BDTI here, and see a menu of its services for both corporations and investors here.

 
