Added Perspective

Cybersecurity and the Board of Directors

August 2, 2016

By Joseph Abrenio, Delta Risk LLC

A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: Boards of directors need to take an active role in the management of cyber risk. Yet, there are several factors that tend to prevent effective engagement in cybersecurity risk at the board level.


These factors define the challenge that banks and other financial institutions can no longer ignore:


  • In financial services, leaders rarely have an independent understanding of cybersecurity.
  • Cybersecurity risks do not fit well in financial services risk management frameworks and approaches.
  • Cybersecurity is frequently seen as a “technology” problem for the IT department to solve.
  • There is a communications gap between business leaders and cybersecurity practitioners.


In his recent white paper, "Cybersecurity and the Board of Directors: An essential responsibility in financial services," Joseph Abrenio, vice president of commercial services for Delta Risk LLC, offers his perspective on how boards should engage in the management of cybersecurity risks. He stresses four priority activities:


  • Providing cybersecurity training specifically for board members
  • Incorporating cybersecurity into the statement of risk appetite
  • Integrating cybersecurity with enterprise risk management
  • Establishing a culture of cybersecurity throughout the organization




