Boards of directors need to play a more active role in protecting their organisation from cyber risks, according to a new study by the World Economic Forum.
Cybersecurity failure is a “clear and present danger” and critical global threat, yet responses from board directors have been fragmented, risks not fully understood and collaboration between industries limited, according to the World Economic Forum..
It says in a statement that the Principles for Board Governance of Cyber Risk Report provides a solution to this fragmentation and it is backed by leaders in digital risk and cybersecurity.
Created by the World Economic Forum, the National Association of Corporate Directors, the Internet Security Alliance and PwC, the report is the result of a year-long collaboration to find a cohesive, global and cross-border approach to cyber risk.
The expert-led team found there are six principles that apply to a wider audience of boards and management teams. The report shows how directors can increase their understanding of cyber risks and act quickly, incorporating cyber risk planning into overall company strategy.
“Without a principled foundation for understanding and governing cyber risk at the board level, risk responses have been piecemeal and security gaps have risen,” says Daniel Dobrygowski, of the World Economic Forum Centre for Cybersecurity.
“These principles provide much needed foundations for directors in any industry or geography. Cybersecurity is not just a technology problem; it is an economic and strategy issue crucial for boards to address given the current environment.”
The six principles are:
• Cybersecurity is a strategic business enabler.
• Understand the economic drivers and impact of cyber risk.
• Align cyber risk management with business needs.
• Ensure organisational design supports cybersecurity.
• Incorporate cybersecurity expertise into board governance.
• Encourage systemic resilience and collaboration.
These practices and approaches were further validated by members of the boards of some of the most advanced companies in the world.
Larry Clinton of the Internet Security Alliance says digital transformation is a business imperative.
“Organisations can’t compete unless they leverage modern cyber tools. But, the downside of digital transformation is increased cyber risk.
“Balancing the need to use modern technological tools and while managing cyber risk is one of the most difficult issues a modern board faces. These consensus principles provide the guidance boards need to properly supervise and direct their management teams.”
Peter R. Gleason of the National Association of Corporate Directors says boards have made gains in the last few years by recognising cyber as an enterprise risk, “but the challenges posed by rapidly changing cybersecurity threats require every company and every board to ensure cybersecurity programs are resilient”.
“This new resource, drawing on NACD and ISA guidance, offers corporate directors across the globe an effective blueprint to advance their cyber-risk oversight.”
To read the full report see https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk
