The Forbes article outlines ten critical missteps by corporate boards that leave their companies vulnerable to cybersecurity risks:

  1. Not adhering to established cybersecurity governance standards.
  2. Failing to see themselves as a critical part of cybersecurity governance.
  3. Misaligning cybersecurity risks with the audit committee’s responsibilities.
  4. Not adequately governing the three types of digital risks: opportunity, cybersecurity, and systemic.
  5. Treating risks from complex digital systems as traditional enterprise risks.
  6. Lack of understanding of the business value impact of cybersecurity risks.
  7. Underestimating the resolve of U.S. regulators in enforcing cybersecurity governance.
  8. Not collaborating with Chief Information Security Officers (CISOs) as part of their team.
  9. Inadequate definition of boardroom responsibilities in overseeing digital and cybersecurity risks.
  10. Lacking directors with cybersecurity expertise on the board.