June 2022

Cybersecurity: What role does the board play?

Do you and your organization need a cyber committee? Do you have policies in place that are regularly updated to keep you, your company, customers, employees, and investors safe?
What is phishing? DDoS attacks? Ransomware?

Why must boards be aware of these terms, and what can they do to ensure a cyber-secure organization?
If you know and understand the ABCs of cybersecurity, then congratulations, you are in the top quartile. Long gone are the days when all forms of security concerns would be directed to one team. Having your CISO (Chief Information Security Officer) take part in your board meetings today is relevant, required, and deemed a best practice.

But how do you, as the board, ensure the successful integration of cybersecurity measures for the benefit of all involved shareholders? 

My most recent Coffee Chats roundtable conversation with leading women executives answers these pertinent questions and more—without it sounding too overwhelming. 

Most Common Cyberattack Threats

  • DDoS Attack: Distributed Denial of Service Attacks are designed to disrupt a website or network by bombarding it with traffic. Hackers can use these attacks for revenge, extortion, and financial and political gain.
  • Phishing Attack: Socially engineered attacks used to steal user data, including login credentials, credit card numbers, etc.
  • Ransomware: A type of malware that employs encryption to hold a victim’s information at ransom. According to the IDC, 37% of global organizations were victims of some form of ransomware attack.

What Boards and Management Can Do to Navigate Cybersecurity

  • Ask the right questions if you are not well-versed on the topic. That’s step one to ensuring cybersecurity is placed high on the board meeting agenda. 
  • Form a new committee dedicated to addressing these threats. Ensure CSOs/CISOs and relevant advisors form part of your board.
  • Advise and make risk-based decisions while defining the right policies that protect the company, customers, employees, investors, and you. 
  • Encourage transparency to ensure the long-term reputation of the board. 
  • Request regular meetings to stay updated with top security leadership. 
  • Measure the progress you have made in mitigating the risks as you review and discuss your organization’s security game plan.

Cybersecurity is not going away—in fact, there is an increasing thrill around the highs and lows attached to the business. The board and the management must take it seriously today—at an organizational and personal level—to be better prepared for an even more technologically evolved tomorrow.

Nancy Albertini
Global Board Practice Leader