BoardroomDirect ®

Update on the current board issues: August 2014

Inside this edition

Changing message and messenger may be a way to improve cybersecurity dialogue

As cybersecurity has risen to the top of many boards’ risk management agendas, there is a more compelling need for clear dialogue between the C-suite and the board.

Some directors report they are frustrated because they are not getting the information they need from the CIO or CISO to appropriately assess the company’s cyber risks, according to Charles Beard, a principal in PwC’s forensics practice. He is a former senior vice president and general manager of cybersecurity at Science Applications International Corp.

“One way to address this issue is to change the message from one focused on the technical aspects of the company’s approach to one focused on oversight of a comprehensive and multi-disciplinary cybersecurity program,” Beard said. He also suggests that the person delivering this program-focused message should be someone who can more easily communicate it to the board in contextual risk terms.

Why should a company have such a program? Regulators and plaintiffs in civil lawsuits are taking increasing interest in companies’ cyber operations and duties, IT budgets reflect a “do-more-with-less” approach, digital devices are proliferating and network access is becoming pervasive. Effective risk management is required to manage these increased vulnerabilities. A formal, comprehensive risk management program acknowledges the reality that companies are inextricably linked to all things digital and that breaches are an increasing threat.
