Discussion about cyber security is emerging from its seclusion within the IT department. More and more, it is also taking place in the corporate boardroom.
According to a recent survey by ISACA, 82 percent of corporate board members believe that cyber security is a major concern. As data breaches rise in frequency and severity, organizational leaders increasingly realize that the problem must be put front and center in any risk management initiative.
The increased interest in mitigating cyber risk is an improvement. However, boards of directors face a challenge in moving from concern to action, and actually tackling the problem. Many board members have limited experience with cyber security, and thus companies may lack the internal resources to strategically ingest information and develop a plan.
Today, we want to present four questions that every board of directors should ask itself about the organization’s cyber security situation. Finding answers to these questions should help directors get moving in the right direction to enhance their cyber security efforts.
4 Questions for Your Board of Directors
- What’s at risk? The answer to this question may seem obvious, but understanding your organization’s risk is not as simple as saying “we need to protect our data.” It’s critical for companies to know their systems and assets, set their priorities and understand their vulnerabilities. Auditing systems and assessing risks is an important step.
- How should we respond? Attacks are common these days, and an essential part of managing risk is preparing for the response. How you respond can greatly reduce (or exacerbate) short- and long-term costs.
- Who’s in charge? Executive leadership is necessary for putting cyber security plans into action and keeping them moving along. Directors should set expectations for executive leaders to enhance cyber security and report back regularly to the board of directors.
- Internal or outsourced? Larger organizations may be able to afford to build out sophisticated security operations centers internally. For smaller firms, managed security services — provided by third-party specialists — are a great way to introduce state-of-the-art security.
Lunarline offers expert security consulting and managed security services to help organizations build and enhance their programs. To learn more about us, visit us online or contact one of our experts today.