Hardly a day goes by in legal and consultant circles when some expert somewhere is not opining on the need for corporate boards to exercise some manner of cybersecurity oversight. While opinions vary, everyone seems to agree that corporate boards need to bring a greater sense of urgency to address the growing business risk of cyber-attacks.
Yet, even the most experienced commentators are underestimating the threat of cyber-attacks, and, even more importantly, are overlooking a glaring history lesson that sits in plain view. As a result, these expert recommendations are unfortunately missing their mark.
What is this conspicuous history lesson? Boards of directors formulating their cybersecurity oversight should look no further than the current board oversight paradigm for financial accounting and reporting. Boards should put in place the same governance procedures to oversee a corporation’s cybersecurity wellness that have proven effective and sufficiently flexible to assess and validate financial statement accuracy and reliability.
via Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight — Cybersecurity Docket