Hardly a day goes by in legal and consultant circles when some expert somewhere is not opining on the need for corporate boards to bring a greater sense of urgency to address the growing business risk of cyber-attacks. Yet, even the most experienced commentators are underestimating the threat of cyber-attacks, and—even more importantly—overlooking a glaring history lesson that sits in plain view of public companies.
What is this conspicuous history lesson? Boards of directors formulating their cybersecurity oversight should look no further than the current board oversight paradigm for financial accounting and reporting. Boards should put in place the same governance procedures to oversee a corporation’s cybersecurity wellness that have proven effective and sufficiently flexible to assess and validate financial statement accuracy and reliability.
