Overseeing a company's IT initiatives, particularly the adequacy of cybersecurity, can be a challenging task for directors. The subject matter can be complex and involve highly technical jargon that is difficult to understand. Companies are also increasing their reliance on emerging technologies and these come with increased risks. The financial and business impact of a significant cybersecurity breach can be substantial to a company―including its brand.
For directors, it is critical to understand a company’s cybermetrics, which is the information and statistics that directors need to support a comprehensive view of a company’s IT infrastructure, risks, and strategy. Some companies (like those in energy and banking) may need to protect IT systems and data that are critical to our nation’s infrastructure. Some may use point-of-sale devices in operations, conduct transactions exclusively online, and allow customers and employees to access data via mobile devices. Others may share information with third-party suppliers, or various other activities that can increase cyberrisk. The right cybermetric reporting will differ depending on these variables.
There are many other considerations in determining the right cybermetrics to be reported to directors. To learn more on this topic, click here.