Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have
Published on
Despite both a decades-long barrage of media reports of cyberattacks wreaking havoc on the public sector and private sector alike, and despite clear indications from the United States Securities and Exchange Commission (SEC) that corporate boards must be able to oversee the management of cyber-risk by their respective organizations, when to comes to actually delivering on their fiduciary duty as related to cybersecurity, today’s corporate boards often fail to perform as needed and as intended.
It is not hard to explain why corporate boards perform sub-optimally when it comes to the world of cyber-risks – and, in many cases, I am being overly gracious and generous with my use of the word “sub-optimally” to describe board performance – not only is cybersecurity a relative newcomer to the list of major risks confronting businesses – meaning that business leaders in general have far less relevant experience managing cyber risk than they do vis-à-vis most other forms of material risk – but the…
