The Board’s Role in Cyberrisk Management

Risk Management Magazine

PUBLISHED ON: June 1, 2023

Download PDF

Directors and officers have an ever-growing set of responsibilities when it comes to cyber safety for the organization. New laws are being implemented more rapidly, and existing regulatory frameworks are being enhanced to that effect. Protections for investors, depositors, consumers, patients and employees have become a priority for federal and state authorities, including the Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), New York’s Department of Financial Services (NYDFS), the California attorney general and other authorities in the United States and around the world.

A recent Wall Street Journal poll of 1,000 of the Russell 3000 companies reported that only 15% of boards have a cybersecurity expert. Forthcoming SEC and NYDFS rules are expected to establish a new level of cybersecurity expertise required for corporate managers and directors. Cybersecurity can no longer be delegated to the IT department. Instead, the board’s fiduciary duty to supervise the cybersecurity program will become more pronounced, and post-incident litigation more likely. Thus, a fundamental working knowledge of cybersecurity on the board—which these proposed rules directly require—can abate potential liability and loss resulting from cyberrisks.


To read this full article, click here or download PDF