Added Perspective

Cybersecurity and the Board of Directors

August 2, 2016

By Joseph Abrenio, Delta Risk LLC

A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: Boards of directors need to take an active role in the management of cyber risk. Yet, there are several factors that tend to prevent effective engagement in cybersecurity risk at the board level.


These factors define the challenge that banks and other financial institutions can no longer ignore:


  • In financial services, leaders rarely have an independent understanding of cybersecurity.
  • Cybersecurity risks do not fit well in financial services risk management frameworks and approaches.
  • Cybersecurity is frequently seen as a “technology” problem for the IT department to solve.
  • There is a communications gap between business leaders and cybersecurity practitioners.


In his recent white paper, "Cybersecurity and the Board of Directors: An essential responsibility in financial services," Joseph Abrenio (pictured), vice president of commercial services for Delta Risk LLC, offers his perspective on how boards should engage in the management of cybersecurity risks. He stresses four priority activities:


  • Providing cybersecurity training specifically for board members
  • Incorporating cybersecurity into the statement of risk appetite
  • Integrating cybersecurity with enterprise risk management
  • Establishing a culture of cybersecurity throughout the organization


To access the white paper, click here



Most Read

CCO Insight
CCOs see bigger pay bump in 2017

Mutual fund chief compliance officers received significant bumps in pay in 2017, according to new data from Management Practice Inc. On average, fund CCO compensation packages ...