All Hands On Deck — Why Cyber Risk Governance Spans Whole Enterprise
Cyber security is not an IT problem; it’s a business problem across the organization.
Christopher P. Skroupa: As a starting point, let me ask you, what do you see boards doing now to provide cyber risk oversight, and what are the questions you’re hearing from them?
General Don Cook: Board members like myself get reports from CISOs and CIOs, and while they try to give us good information, there’s often this feeling that you’re not getting the full scoop. That uneasiness makes me question whether I’m fulfilling my duty of care as a director when I don’t trust that I have command of the situation. However, with so much publicity regarding cyber risk, boards may be demanding more.
Mike Shultz: Not only may they demand more, they should demand more. Cyber risk governance is a critical business issue. Cyber risk and liability can be financially devastating to a company, so this issue is rising to the top with directors. Boards are often presented with highly technical reports that are not clearly connected to business risk. This is not an IT problem; it’s a business problem across the organization. With so many high-profile examples of cyber attacks, boards are becoming more concerned with understanding cyber risk and assessment programs of the organization.