
How to Deliver Information Security to the Boardroom

Board members should be aware of the cyber risks that their company faces to ensure they steer the company in the right direction. But it’s not always straightforward.

Traditionally, cybersecurity has been an area of expertise for technologists working in remote server rooms. After the repercussions of massive security breaches such as Equifax and Colonial Pipeline, however, it has become evident that cyber risk is a real and present business risk that impacts every aspect of an organization.

Boards are now demanding more of their CISOs, as well as their security teams. Whether it's increasing the amount of money spent on new technology or making sure that employees receive the proper training, board members need an unambiguous and convincing understanding of how a well-trained security team can protect against the most sophisticated threats. This message must be conveyed to non-technical leaders in the boardroom.

One way to do this is by using real-time metrics and aligning security with business objectives. Through regular communication that showcases the evolution of your security measures, the decrease of your risk index, and other important metrics, you can give the board the information they require to influence decision making. Another option is to tell an engaging story of the impact rather than walking through numbers. By sharing a real-life story of how your team's swift actions stopped an imminent threat, you show your board that they are being protected and that their efforts are having an impact.

