Security News > 2020 > January > Why corporate boards are unprepared to handle cybersecurity risks
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.
Board members said cybersecurity is an existential risk for businesses and they want to understand the issue because problems are growing faster than they are being solved.
Corporate boards should use a list of four questions of "Dynamic tensions" to do this and revisit the list frequently to measure changes in risk, regulation, and internal expertise.
The report recommends that corporate boards use this framework to oversee and govern cybersecurity in the enterprise right now and as new threats and regulations emerge.
If the board sees cybersecurity as an existential threat, members should prioritize due diligence of cyber risk in the supply chain and develop a culture of preparedness and stress-testing including semi-worst-case scenarios.