Board Advisory Services
Experiencing a corporate cyber-attack is not a matter of “if” but “when,” and boards of directors are quickly realizing that cybersecurity risk, formerly the problem of corporate IT executives, has suddenly become fertile boardroom territory.
Yet cyber-attacks can be extraordinarily complicated and, when identified, require a large effort and costly, detailed responses: digital forensics and investigation, notification of a broad range of third parties and other constituencies, fulfillment of provincial and federal compliance obligations, potential litigation, and more. Besides the more expected problems with workflow, a company can also be exposed to other, even more intangible costs, including temporary or even permanent reputational and brand damage; loss of productivity; extended management fatigue; and a negative impact on employee morale and overall business performance.
So what is the role of a board of directors amid all of these complexities? Corporate directors clearly have a fiduciary duty to understand and oversee cybersecurity, but there is no need for board members, many of whom have limited IT experience, to worry. Cybersecurity engagement for members of the board does not mean that board members need to have computer science degrees or personally supervise firewall implementation or intrusion detection system rollouts. Instead, board oversight of cybersecurity entails, most importantly, asking the right questions and being thoughtful, deliberative and informed about cybersecurity and its attendant risks.
Do you need Board Governance advice?
Let RiskAware help you meet your cybersecurity-related fiduciary obligations.
By partnering with RiskAware, a board of directors can instantaneously meet its cybersecurity-related fiduciary obligations and oversight responsibilities, and draw upon more than 20 years of cybersecurity and data breach response experience, expertise and independence.