Are Boardrooms Ready for Today's Cyber Challenges?
Security Leaders Discuss Board Strategies During ISMG's Cybersecurity Summit
A modern board of directors has no option but to immerse itself in today's cybersecurity and threat landscapes to spearhead enterprisewide cyber defense and mitigation strategies, said Bhimaraya Metri, director at the Nagpur-based Indian Institute of Management.
Addressing a gathering of information security professionals and enterprise leaders at Information Security Media Group's Cybersecurity Summit: Mumbai on Wednesday, Metri covered the top challenges that board members must address to lead cybersecurity priorities for the organization.
He said that in today's age of frequent technological disruptions, technology leaders and professionals have to routinely reskill and upskill themselves to remain relevant, and the same goes for the board. Board members must educate themselves about cybersecurity challenges, the impact on an organization's operations and how the threat landscape could evolve in the years ahead.
"Cybersecurity has become a new dimension for organizational boards. There is an increasing importance of understanding cybersecurity as a substantive, enterprisewide business risk," he said. The World Economic Forum's Global Risks Report 2023 ranked cybersecurity among the top 10 global risks, he said, adding that cybercrime-related costs could reach $10.5 trillion annually and that the board must guard against both financial losses and reputational damage.
India enacted its first data protection law, the Digital Personal Data Protection Act, 2023, this year, requiring organizations to implement data protection and privacy controls and processes. Industry groups had previously recommended such practices, but this is the first time boards are required by law to implement them.
Metri said the new data protection law immediately turned cybersecurity into a core concern for board members at Indian organizations, alongside government regulators that are now holding boards responsible for cyber defense action plans. For instance, the Reserve Bank of India recently announced regulations requiring board members to receive cyber awareness training and education.
According to Metri, board members have historically relied on senior technology and security leaders such as CIOs and CISOs for information on cybersecurity matters, but it is now time for boards to have at least one member who is an information security expert.
A board member experienced in cybersecurity can ask CISOs the right questions, appreciate the risks posed by specific security weaknesses and threats, and allocate an appropriate level of funding to cybersecurity.
Metri said the board must include cybersecurity on its agenda during its meetings, focus on educating itself about the latest threats and risks and, if possible, set up risk management committees that can oversee cybersecurity matters on its behalf.
"There is no substitute for proper preparation, deliberation and engagement on cybersecurity issues," Metri said, adding that the board must address many existing concerns that have so far prevented it from taking a lead in shaping the organization's approach towards cybersecurity.
For example, the board must consider whether it has purchased adequate cyber insurance. Does it have visibility into the business impact of cybersecurity events? Is there well-defined ownership of cybersecurity at the board level? And is there a data governance office that maintains visibility of the data the organization collects, processes and shares with other parties?