How to Manage Cyber Risk as a Board Director>
OODA Loop – Daniel Pereira
the US Securities and Exchange Commission (SEC) about to publish new regulations requiring publicly traded corporations to document their risk mitigation measures and name who on the board is a cybersecurity lead, we expect all boards will be revisiting the optimal ways to manage cyber risk. Corporate Directors should not wait for final rules from the SEC to start gap analysis on how the corporation is managing cyber risk. Some steps that can be taken right away: A gap assessment should be conducted to assess the difference between best practices and current corporate practices. All directors should seek to understand and mitigate cyber risk by leveraging expert advice from experienced risk management professionals. The threat to your business needs to be contextualized to be mitigated. Ensure planning involves business leadership, not just IT and Security. Many boards will decide to form cybersecurity committees so a few designated board members can work issues with management outside of board meetings. Monitor execution, especially on actions requiring people to think differently. We most strongly recommend that corporate directors take action to keep informed of emerging cybersecurity, geopolitical and technological developments that contribute to systemic risks. Directors seeking a deeper understanding of the nature of cyber risk and best practices in corporate governance can leverage OODA Board Cyber Advisory Services.
Link: https://www.oodaloop.com/business/2023/03/21/how-to-manage-cyber-risk-as-a-board-director/