Added Perspective

A Tool to Help Boards Measure Cyber Resilience

October 13, 2023

By Keri Pearlson

By now most boards know that cybersecurity is a business risk that they must oversee and ensure proper mitigations are in place. In an earlier article, we described the conversations the boards must have to perform this role. We made a case for discussing cyber resilience instead of cyber protection. Organizations cannot protect themselves enough to simply rely on additional investments in protection. Certainly, protecting assets, systems, and data is critically important, but as continued headlines have shown, focusing on protection is just not enough. Companies, and the boards that oversee them, have failed to find the right way to be protected enough (as evidenced by the constant headlines sharing the latest innovative breach on the under protected organization). Instead, we advocate that boards must have conversations about resilience, not just about protection.

 

Keri Pearlson is the executive director of the research consortium Cybersecurity at MIT Sloan (CAMS). To read her full article in Harvard Business Review, click here.

 

 

Most Read

10 Things
10 Things...to know about BDCs

Congress created business development companies in 1980 to support job growth and help emerging companies raise funds. As of 2023, there were 139 BDCs with $312 ...

Top of the Agenda - Succession
Vanguard nominates two, as two hit retirement

The Vanguard board expects to add two new independent directors in early 2025 to fill seats that will be vacated when two long-serving independents retire. The ...