Added Perspective

A Tool to Help Boards Measure Cyber Resilience

October 13, 2023

By Keri Pearlson

By now most boards know that cybersecurity is a business risk that they must oversee and ensure proper mitigations are in place. In an earlier article, we described the conversations the boards must have to perform this role. We made a case for discussing cyber resilience instead of cyber protection. Organizations cannot protect themselves enough to simply rely on additional investments in protection. Certainly, protecting assets, systems, and data is critically important, but as continued headlines have shown, focusing on protection is just not enough. Companies, and the boards that oversee them, have failed to find the right way to be protected enough (as evidenced by the constant headlines sharing the latest innovative breach on the under protected organization). Instead, we advocate that boards must have conversations about resilience, not just about protection.


Keri Pearlson is the executive director of the research consortium Cybersecurity at MIT Sloan (CAMS). To read her full article in Harvard Business Review, click here.



Most Read

10 Things
10 read in summer 2024

It's the Summer Solstice, and that means that for most of us the sun is shining, temperatures are heating up, and longer days allow for pursuits ...

Top of the Agenda - Compensation
Fund board pay increases in 2023, MPI survey says

Independent mutual fund directors saw an increase in compensation in 2023, on average, although actual compensation levels and percentage adjustments in compensation continue to vary widely ...