Board members should be aware of their company’s cyber risks to ensure they steer the organisation in the right direction. But it’s not always straightforward.
Cybersecurity has traditionally been a subject dominated by technologists who worked in remote server rooms. It is now a business risk that affects every aspect of a business, particularly in the wake of recent mega security breaches like those at Colonial Pipeline and Equifax.
Boards are now demanding more of their CISOs and security teams. Whether it’s increasing spending on new solutions or ensuring employees are properly trained, board members need an unambiguous and convincing understanding of how a well-trained security team can defend itself against the most sophisticated threats. And this message should be communicated in a manner that is easily understood by nontechnical executives in the boardroom.
One way to accomplish this is by using real-time metrics and aligning security with business objectives. Through regular communications that highlight the progress of your security measures, a falling risk index, and other important indicators, you can provide the board with the information they require to guide decisions. Another approach is to narrate the impact: do not just pass on numbers, tell a story. You can show your board members how their quick actions averted an important threat by presenting a real example.