From: The Institute of Internal Auditors Research Foundation (IIARF) and ISACA
CONCLUSION
Cybersecurity will continue to pose a serious risk that the board needs to actively measure and continuously monitor as part of the organization’s strategy. The questions and action items outlined in this report serve as a benchmark to guide the board, but the onus is on the board to take its strategic role seriously in providing oversight, implementing the plan, and becoming the fourth line of defense in cyber risk governance.
If the board is still not convinced, consider this: proxy adviser Institutional Shareholder Services (ISS) has urged shareholders to overhaul Target’s board in the wake of last year’s data breach. In a recent report, ISS recommended a vote against seven out of 10 directors “for failure to provide sufficient risk oversight” as members of the audit and corporate responsibility committees. Cybersecurity is no longer simply another agenda item for IT; it is an agenda item for the board as well.