Cyber and technology risk must be governed in any modern organization. Leaders need a baseline understanding of the key issues in cybersecurity and require guidance in order to take action on cybersecurity and cyber resilience strategy. Where cyber strategy is a key component of business strategy, and where cybersecurity issues threaten organizations’ reputation and trust between all players in an ecosystem, leaders need tools and guidelines in order to fulfill their obligations. Organizations also need support in ensuring that information flows from cybersecurity managers up to business leaders in order to adequately assess and govern this new risk.
The Cybersecurity Risk Governance body of work builds on our Cyber Resilience series of workstreams and the 2017 report Advancing Cyber Resilience: Principles and Tools for Boards to continue fostering leaders’ awareness, support a community of cyber-aware leaders to champion cybersecurity as an organizational priority, and develop the tools necessary for leaders to govern these new risks. In collaboration with the National Association of Corporate Directors (NACD) and Internet Security Alliance (ISA), the project will develop updated guidance for the corporate governance of cyber risk. In addition, this project will provide corporate governance tools that will be tested and piloted in specific sectors to help accelerate the adoption of these best practices.