Now corporate boards have responsibility for cybersecurity, too
MIT News | Contributed by: Drex DeFord
Summary
The U.S. Securities and Exchange Commission (SEC) now requires public companies to disclose the cybersecurity expertise present on their boards of directors, aiming to strengthen oversight and management of cyber risk. This regulatory change underscores the growing importance of cyber resilience amid increasing data breaches and emphasizes the role of board members in ensuring that organizations are prepared for cyberattacks. Keri Pearlson's research highlights the shift from a protection-oriented cybersecurity approach to one focused on resilience, and proposes adopting a Board Level Balanced Scorecard for Cyber Resilience (BSCR) to structure strategic discussions on cyber risk management. The scorecard helps quantify and address risk across four dimensions (technology, financial, organizational, and supply chain), with the aim of fostering a more resilient business approach to cyber threats. Pearlson also advocates executive education to strengthen non-technical leaders' understanding of cybersecurity, emphasizing that boards should foster cyber resilience rather than focus solely on preventive measures.