The Forbes article outlines ten critical missteps by corporate boards that leave their companies vulnerable to cybersecurity risks:
- Not adhering to established cybersecurity governance standards.
- Failing to see themselves as a critical part of cybersecurity governance.
- Misaligning cybersecurity risks with the audit committee’s responsibilities.
- Failing to adequately govern the three types of digital risks: opportunity, cybersecurity, and systemic.
- Treating risks from complex digital systems as traditional enterprise risks.
- Lack of understanding of the business value impact of cybersecurity risks.
- Underestimating the resolve of U.S. regulators in enforcing cybersecurity governance.
- Not collaborating with Chief Information Security Officers (CISOs) as part of their team.
- Inadequate definition of boardroom responsibilities in overseeing digital and cybersecurity risks.
- Absence of directors with cybersecurity expertise on the board.