Board members have a fiduciary responsibility to establish and oversee business policies and practices that drive their company’s performance and growth. Part of this responsibility is understanding their company’s cybersecurity, which is indelibly linked to the company’s value and valuation.
While in the past cybersecurity was primarily viewed as an IT issue, most have begun to understand the importance of cybersecurity in the business context, as well as the need to translate technical risks into business risks in order to bridge the gap between strategic business acumen and complex technical know-how. While members of the board may not fully grasp the intricacies of cybersecurity, they need to understand the business impact that a cyber breach can have on the organization, what the organization’s cyber risk exposure means in terms of dollars and cents, and the legal and reputational fallout that may result. To do this, they need to educate themselves and learn how to ask the right questions.