Industry Leaders Create First Unified Cybersecurity Guide for Boards of Directors

Published
23 Mar 2021
2021
Share

Amanda Russo, Public Engagement, arus@weforum.org, +41 79 392 6898

  • Boards of directors need to play a more active role in protecting their organization from the growing threat of cyber risks, and few fully understand the risks
  • A new study found six principles that can be applied across industries and geographies to help corporate boards advance their oversight of this systemic risk and call for the change needed to prevent future shocks
  • The World Economic Forum collaborated with the National Association of Corporate Directors and the Internet Security Alliance to produce Principles for Board Governance of Cyber Risk to help businesses become more resilient against cyber attacks.
  • Read the report

Geneva, Switzerland, 23 March 2021 — Boards of directors need to play a more active role in protecting their organization from cyber risks, according to a new study released today by the World Economic Forum. Cybersecurity failure is a “clear and present danger” and critical global threat, yet responses from board directors has been fragmented, risks not fully understood and collaboration between industries limited.

The Principles for Board Governance of Cyber Risk Report provides a solution to this fragmentation and it is backed by leaders in digital risk and cybersecurity. Created by the World Economic Forum, the National Association of Corporate Directors, the Internet Security Alliance and PwC, the report is the result of a year-long collaboration to find a cohesive, global and cross-border approach to cyber risk.

The expert-led team found there are six principles that apply to a wider audience of boards and management teams. The report shows how directors can increase their understanding of cyber risks and act quickly, incorporating cyber-risk planning into overall company strategy.

“Without a principled foundation for understanding and governing cyber risk at the board level, risk responses have been piecemeal and security gaps have risen,” said Daniel Dobrygowski, Head of Governance and Trust at the World Economic Forum Centre for Cybersecurity. “These principles provide much needed foundations for directors in any industry or geography. Cybersecurity is not just a technology problem; it is an economic and strategy issue crucial for boards to address given the current environment.”

The six principles are

  • Cybersecurity is a strategic business enabler;
  • Understand the economic drivers and impact of cyber risk;
  • Align cyber-risk management with business needs;
  • Ensure organizational design supports cybersecurity;
  • Incorporate cybersecurity expertise into board governance;
  • Encourage systemic resilience and collaboration.

These practices and approaches were further validated by members of the boards of some of the most advanced companies in the world.

“Digital transformation is a business imperative,” said Larry Clinton, President, Internet Security Alliance (ISA). “Organizations can’t compete unless they leverage modern cyber tools. But, the downside of digital transformation is increased cyber risk. Balancing the need to use modern technological tools and while managing cyber risk is one of the most difficult issues a modern board faces. These consensus principles provide the guidance boards need to properly supervise and direct their management teams.”

“Boards have made gains in the last few years by recognizing cyber as an enterprise risk, but the challenges posed by rapidly changing cybersecurity threats require every company and every board to ensure cybersecurity programs are resilient,” said Peter R. Gleason, Chief Executive Officer, National Association of Corporate Directors (NACD). “This new resource, drawing on NACD and ISA guidance, offers corporate directors across the globe an effective blueprint to advance their cyber-risk oversight.”

Global Technology Governance Summit 6-7 April
Media accreditation for the inaugural summit is now open. The meeting will take place on 6-7 April, with the Government of Japan's support. More than 500 leaders from business, government, civil society and media will participate. Frontier technology, the impact of tech policy, and industry transformation are just some of the topics covered. Media can sign up and receive embargoed content.

The World Economic Forum, committed to improving the state of the world, is the International Organization for Public-Private Cooperation.

The Forum engages the foremost political, business and other leaders of society to shape global, regional and industry agendas. (www.weforum.org).

All opinions expressed are those of the author. The World Economic Forum Blog is an independent and neutral platform dedicated to generating debate around the key topics that shape global, regional and industry agendas.

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum