Don't put cybersecurity on CISOs' shoulders – Why board members aren't doing enough

Corporate board members should be held more accountable for verifying cybersecurity risks and asking questions about cyber efforts, governance experts told The Wall Street Journal.

While board members say they are more informed, they often fail to ask management specific questions. Additionally, board members don't demand metrics to measure the effectiveness of cybersecurity efforts, according to speakers at the National Association of Corporate Directors.

Rather than simply placing all cybersecurity responsibility in the hands of the chief information security officer, all directors and executives need to take on more of it.

Starbucks' CISO David Estlick recommends that directors quiz their security teams and business executives about cybersecurity processes and procedures. This, he says, can change the company's culture.

Abhi Shah, vice chairman of legal consultancy Morae Global Corp., recommends that boards and executives vet the information they are given by hiring outside firms to conduct penetration tests.

“There’s a lot of patting ourselves on our backs that we’ve gotten this far,” said Valerie Abend, managing director of Accenture’s security division, according to WSJ. “If you think the CISO alone is going to protect our organization, you’re mistaken.” 

Copyright © 2024 Becker's Healthcare. All Rights Reserved.