An organization’s board not only has a key responsibility for securing information assets, but is also in the best position to allocate and steer resources towards cyber security effectively. We review a standard model for board responsibility and describe our Cyber in the Boardroom methodology, which addresses each facet of the model. Finally, we present research on the current state of reporting on cyber resilience in annual reports, one of the responsibilities of the board in our methodology.
As the number, impact and media coverage of cyber security incidents have grown in recent years, investors, governments, and global regulators are increasingly challenging board members to demonstrate diligence in the area of cyber security. Regulators expect personal and sensitive information to be protected and systems to be resilient to both accidents and deliberate attacks; value chain partners expect a trustworthy and transparent approach to risks; and customers expect that services are available and that their data is protected when stored or processed by organizations.
Source: Compact 2016-3