The Boardroom Gap: How to Close the Gap Between Board Priorities and Actions
As cyber attacks become more costly, disruptive and risky to businesses, cybersecurity governance is fast becoming a boardroom priority. Some boards are adding cybersecurity expertise as a new director competency, while others are turning to contractors and other third-party service providers to bring cyber risk expertise into the boardroom. Some are even employing a controversial technique: hiring red team hackers (https://greatboardroom.com/boardroom-information-security-questions-your-board-will-ask/) to test the security of their systems and determine their weaknesses.
There is a gap between the priorities that boards announce and the actions they take to achieve them. Our research has shown that just 69 percent of board members claim they regularly see eye-to-eye with their CISOs, and a significant proportion of those only interact with their CISOs during board meetings. These gaps must be closed to ensure that the board has sufficient visibility into, and dialogue about, cybersecurity risk.
To bridge the cybersecurity gap, it’s vital to make cybersecurity a part of every board and get directors involved in meaningful discussions about the dangers they are facing. This means changing how the discussion takes place in the boardroom, for instance by introducing a cybersecurity agenda item and pre-read material so that meetings can cover cybersecurity issues in more depth. It is also necessary to make cybersecurity a top priority for the board and to create a security-minded business culture through the tone set at the top and rewards for those who raise awareness of the risks.