Industry leaders create security guide for boards of directors

Boards of directors need to play a more active role in protecting their organizations from cyber risks, according to a guide released this Tuesday, 23, by the World Economic Forum. The cybersecurity flaw is a “clear and present danger” and a critical global threat, but the responses of board directors have been fragmented, risks not fully understood and collaboration across industries limited, says the Cyber ​​Risk Report – Principles for Board Governance.

The guide, which provides guidance for avoiding this fragmentation, is supported by leaders in digital risk and cybersecurity from various global organizations. Prepared by the World Economic Forum in conjunction with the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA), with PwC project consultancy, it is the result of the work of a collaborative group, which it took about a year to find a cohesive, global and international approach to cyber risk.

The group, led by experts, found that there are six principles that apply to a broader range of boards of directors and management teams. The report shows how directors can increase their understanding of cyber risks and act quickly, incorporating cyber risk planning into the company’s overall strategy.

“Without a foundation of principles for understanding and managing cyber risk at the board level, risk responses have been gradual and security gaps have widened,” said Daniel Dobrygowski, head of governance and trust at the Economic Forum’s Cybersecurity Center Worldwide. “These principles provide the necessary foundation for directors, in any sector or region. Cybersecurity is not just a technology problem; it is a crucial economic and strategic issue for the councils to address, given the current environment ”, he emphasized.

The six principles established by the working group are:

• Cybersecurity is a facilitator of strategic business;
• Understand economic drivers and the impact of cyber risk;
• Align cyber risk management with business needs;
• Ensure that organizational design supports cybersecurity;
• Incorporate cybersecurity expertise into board governance;
• Encourage systemic resilience and collaboration.

These practices and approaches were later validated by members of the boards of directors of some of the most advanced cybersecurity companies in the world.

ISA President Larry Clinton noted that digital transformation is a business imperative today. “Organizations cannot compete unless they use modern cyber tools. However, the disadvantage of digital transformation is the increase in cyber risk. Balancing the need to use modern technological tools while managing cyber risk is one of the most difficult issues facing a modern board of directors. These consensus principles provide the necessary guidance advice to properly supervise and direct your management teams. ”

“Boards have made gains in recent years by recognizing cybersecurity as a business risk, but the challenges posed by rapidly changing cybersecurity threats require all companies and boards to ensure that cybersecurity programs are resilient,” he said. Peter R. Gleason, CEO of NACD. “This new feature, based on NACD and ISA guidelines, offers corporate directors worldwide an effective plan to advance their cyber risk oversight.”