San Francisco — Attorneys for U.S. Bank and Wells Fargo recently told an audience of cybersecurity experts that cyber has transitioned from a management function to a mandatory board-level governance responsibility, and one that the board must exercise to reduce legal and financial exposure.
The two also discussed the idea of boards participating in tabletop exercises, in which a bank’s security team practices what it would do in response to a realistic but fictitious cybersecurity incident. While the attorneys expressed general skepticism of the value of involving board members in tabletop exercises, they did offer alternatives to how the board could prepare for an incident.
The discussion came in the form of a panel at RSAC Conference, a leading cybersecurity conference held annually in San Francisco. The attorneys were Alison Atkins, chief cybersecurity and technology counsel at U.S. Bank, and Matt Greenberg, assistant general counsel and executive director of cybersecurity and incidence response for Wells Fargo.
Boards shifting to active governance on cyber
Board members are no longer just trying to determine if practitioners “have a handle” on things, according to Tom…
