Boardroom oversight of Cyber is rapidly becoming a business imperative given the increasing pressure from Regulators and ongoing Cyber attacks. A report this year by the World Economic Forum highlights the ‘key role that business leadership must play’ to ‘ build a more effective Cyber strategy and incorporate it into overall strategic thinking.’ However, it also noted that becoming Cyber resilient is gaining traction relatively slowly amongst many Board members. This is still surprising given Boards are increasingly being held to account for security breaches, with Cyber risk having the potential to be a ‘tail risk’ provoking irrecoverable damage to reputation and the ability to operate as a successful business.
One of the key reasons for this may be the traditional misconception that Cyber Security is the remit of the IT function. However, whilst this is beginning to change, with organisations starting to cite Cyber Security as one of their top business risks, there is also acknowledgment that many Board members do not have sufficient knowledge or expertise to address this area and provide effective oversight.