When it comes to cyber security, what are the most important things that board members need to be able to understand to effectively oversee cyber risk management?

CIO, a year ago
This is not going to answer the question directly, but it never ceases to amaze me how many organizations do not have a comprehensive understanding of their compute/network/storage infrastructure and its interconnections/dependencies on external providers.  If you do not understand your terrain, it is impossible to effectively oversee and/or manage your cyber risk. So as a board member, I would want to know if the organization has an up-to-date authoritative source of truth that comprehensively documents and monitors change in the infrastructure.
Director of IT, 9 months ago
Risk tolerance. Without an understanding of that, everything will look like the sky is falling.
CISO in Energy and Utilities, 5 months ago
Speak to the board in the language that the business speaks in. Don't inundate them with IT or mind-numbing cybersecurity statistics. The best advice I ever received about dealing with the board was to meet with them individually. Get to know them and understand their level of knowledge. Give them a chance to ask the questions they've always wanted but were afraid to ask, then watch what happens at the next board meeting. They will ask the same questions that the two of you talked about… It makes you look like a genius and them as well. It's like any other executive interaction, relationships matter. 
CISO in Software, 5 months ago

Agree with Nikk - you MUST speak in the vernacular and business focus of the organization. When you can articulate the impact on the actual specific business elements, you will be able to drive the right results.

CIO, 5 months ago
a. Board members should remain abreast of emerging technologies and their implications for cyber security, ensuring alignment between technological innovations and risk management strategies.

b. Board members should actively promote and cultivate a culture of security throughout the organization, emphasizing the collective responsibility of all stakeholders in safeguarding sensitive information and assets.

c. Consideration should be given to procuring cyber insurance coverage as a means of mitigating financial risk associated with cyber incidents, complementing the organisation’s overall risk management strategy.
Director of IT in IT Services, 5 months ago
In my personal view, board members must grasp the severity of cyber threats, understand the organization's risk posture, and support robust cyber risk management strategies.
