Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
Board, C-Suite Warned: Cyber-Risk Is Your Issue
November 10, 2022
Cyber risk management is team sport, says a post from the World Economic Forum, but it warns that failed communication among team members is a potentially crippling problem. The writers quote a former SEC security advisor who laments that cybersecurity “gets lost in translation” when board and the c-suite personnel are engaged with IT or compliance executives, and as a result company leadership is left unsure of what it’s funding and what gaps remain. The importance of board and c-suite engagement was underscored, the writers note, by recent proposed rules from the SEC that would “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies…”
The WEF (best known by many for its annual Davos Forum) has teamed up with the National Association of Corporate Directors (NACD) to issue a report that pointedly couches cyber risk as a board issue. The WEF post also touts a cyber-risk reporting service that comes from company X-Analytics and is being promoted by NACD. The service provides quarterly reports that are said to highlight an organization’s financial exposure attributable to cyber risk, by relying on analytics similar to that used by the cyber insurance industry. As described on the NACD site, these reports detail such things as overall exposure to cyber risk, possible mitigation measures, and insights on “cyber risk transfer/cyber insurance, including ‘stress testing’ existing policies across a range of potential cyber incidents.”
Share this post: