A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: Boards of directors need to take an active role in the management of cyber risk. Yet, there are several factors that tend to prevent effective engagement in cybersecurity risk at the board level.
These factors define the challenge that banks and other financial institutions can no longer ignore:
- In financial services, leaders rarely have an independent understanding of cybersecurity.
- Cybersecurity risks do not fit well in financial services risk management frameworks and approaches.
- Cybersecurity is frequently seen as a “technology” problem for the IT department to solve.
- There is a communications gap between business leaders and cybersecurity practitioners.
In his recent white paper, "Cybersecurity and the Board of Directors: An essential responsibility in financial services," Joseph Abrenio, vice president of commercial services for Delta Risk LLC, offers his perspective on how boards should engage in the management of cybersecurity risks. He stresses four priority activities:
- Providing cybersecurity training specifically for board members
- Incorporating cybersecurity into the statement of risk appetite
- Integrating cybersecurity with enterprise risk management
- Establishing a culture of cybersecurity throughout the organization