Principles for Board Governance of Cyber Risk
Cyber risk is among the top risks facing businesses today, and it has become clear that boards, especially, need stronger foundations to govern cyber risks effectively. Companies that effectively manage the entire portfolio of risks, including cyber, do better in the marketplace. This paper is designed as a reference for corporate directors as they set their organization’s cybersecurity strategy and engage with stakeholders on the issue of cyber risk. Building on existing guidance and developed in cooperation with the National Association of Corporate Directors, the Internet Security Association, and Forum partners, it offers six consensus principles for cybersecurity board governance. It provides advice and suggests critical actions that directors may find useful as they seek to understand their organization’s current position, exercise their oversight function and set future goals.