The Boardroom Gap: How to Close the Gap Between Board Priorities and Actions

Cybersecurity governance is becoming a important issue for boards as cyber-attacks become more expensive and disruptive for companies. Some boards add cybersecurity expertise as a new director’s skill to their rosters. Others rely on contractors and third party service providers to bring cybersecurity expertise to the boardroom. Some are even employing an unpopular https://greatboardroom.com/does-your-board-need-an-entrepreneur/ method of hiring hackers from the red team to test the company’s systems and determine where their vulnerabilities lie.

There is a disconnect between the goals boards announce and the actions they do to achieve their goals. Our research has shown that only 69% of board members are regularly in contact with their CISOs. A significant proportion of these board members communicate with their CISOs when they are presenting to the board. These gaps must be eliminated to ensure that the boardroom has sufficient transparency and discussion about cybersecurity risk.

To bridge the cybersecurity gap, it is crucial to ensure that cybersecurity is an integral part of every board and to get directors involved in meaningful discussions about the risks they face. This means changing the manner the conversation is conducted in the boardroom. For example, adding an agenda item for cybersecurity and pre-read materials to be used in meetings to have deeper discussions about cybersecurity issues. It is also important to make cybersecurity a top priority for the board and to create a security-minded business culture through the tone of voice from the top and rewards for those who speak up regarding the risks.