The Boardroom Gap: How to Close the Gap Between Board Priorities and Actions

As cyber attacks become more costly and disruptive, and a greater threat to businesses, cybersecurity governance is quickly becoming a boardroom priority. Some boards are adding directors with cybersecurity expertise to their rosters, and others are using contractors and third-party service providers to bring cyber risk expertise into the boardroom. Some boards are using the controversial practice of hiring red-team hackers to test their systems and determine the areas where they’re vulnerable.

There is a gap between the goals boards state and what they do to attain those goals. Our research has revealed that just 69 percent of board members claim they regularly interact with their CISOs, and a large proportion of those interact with their CISOs only during board meetings. These gaps must be filled so that the boardroom can hold a dialogue about cybersecurity threats and see them clearly.

To bridge the cybersecurity gap, it’s essential to include cybersecurity as an integral component of every board and to get directors involved in meaningful discussions regarding the threats they confront. This involves changing the way the discussion takes place in the boardroom, for example by adding an agenda item on cybersecurity and providing pre-read material before meetings so that discussions of cybersecurity issues can go deeper. It is also necessary to make cybersecurity a board-wide priority and to create a security-minded business culture through tone from the top, rewards for those who raise risk awareness, and consequences for the entire management team.
