Diligent boards nz

1/27/2024

In March 2022, the Securities and Exchange Commission (SEC) proposed rule changes requiring public companies to provide enhanced disclosure regarding cybersecurity incidents, risk management and strategy. This proposal is part of a broader regulatory trend: enforcing new accountability standards on the private sector (especially its most senior leaders) regarding the evolving threat of cyberattacks. This trend is largely driven by emerging sources of geopolitical risk, many of which overlap significantly with cyber risk. High-profile espionage efforts (in addition to internal leaks) underscore the extent to which geopolitical risk is cybersecurity risk in a world characterized by new methods of digital subterfuge.

Amidst this shifting environment, boards must develop a deep understanding of their organization’s cyber risks in order to provide adequate oversight across their cybersecurity and compliance programs. Neglecting this responsibility puts the organization at risk of the reputational damage and financial burden of noncompliance. A proactive approach to risk management is the key to staying compliant and staying ahead of emerging risk.

In a recent panel discussion, "Do Better: Board-Level Accountability in Cybersecurity," at the 2023 RSA Conference, Diligent CEO Brian Stafford, Docusign board member Maggie Wilderotter and former Associate General Counsel (Privacy) at Zoom Greg Silberman covered six ways your board can strengthen its cyber literacy in preparation for a new era of corporate accountability.

Your board needs to possess a deep understanding of your company’s current approach to cybersecurity. Moreover, your board should include a set number of members who bring an extensive background in cybersecurity to the table. Meeting these new cybersecurity standards requires the expertise of external advisers with deep knowledge of cybersecurity. Boards would be well-advised to partner with these advisers for an objective look at their current cyber posture, and at how that posture compares to the ideal for a business in their position.

Furthermore, seek to leverage the expertise of outside experts to build a strong cybersecurity function into your board so that it can continuously evaluate the company’s preparedness at the highest levels. Of course, you shouldn’t entirely outsource your cyber decision-making to outside experts. It’s also important to have the right expertise on the board, as Brian Stafford noted during the panel discussion: "As boards look to add more diverse perspectives and backgrounds, adding professionals with more cyber knowledge would be a huge asset."

2. Get independent validation through certification

Similarly, boards should seek independent validation and assurance of their organization’s cyber risk posture through common certifications. Examples include ISO 27001, Common Criteria, SOC 2 and FIPS. These certifications serve a dual function: in addition to setting your organization up for better cyber governance, they substantiate and quantify the organization’s commitment to security for a commercial audience.

But it’s important to remember here that certifications are not magical talismans. Rather, they are a foundation on which the board (and the company at large) can build a strong cybersecurity strategy that is attuned to their business. It’s crucial that boards understand this distinction and can articulate it appropriately.

3. Quantify cyber exposure to test financial resilience

As boards continue to embrace innovative technology that pushes their business forward (biometrics and AI, for example), they must do so with an understanding of the new risks that innovation brings to the business. "Trust but verify." It’s a commonly heard dictum in the field of cybersecurity, and it’s a principle the board should be intimately familiar with.