
Balancing cybersecurity with business priorities: Advice for Boards
2023-04-18 03:30

How good are we at cybersecurity? Boards should learn more about the people and expertise on the cybersecurity team, and their experiences.

Of course, dashboards can be a great source of information, but do they simply show what organizations can measure, rather than what they should be measuring?

How resilient are we? Boards should ask the CISO, technology leadership (CIO, CTO) and the business leaders how prepared the organization is to keep the business running through an event like a ransomware attack.

Are we testing and validating that designs provide the levels of failover required under a range of scenarios? Can we operate our key business services in a degraded state?

What is our risk? At a minimum, Boards should ensure that cybersecurity risk assessment addresses five key areas: 1) an assessment of current threat exposure to your organization; 2) an explanation of what the cybersecurity leadership is doing to mitigate against those threats; 3) examples of how the organization is testing whether the controls are effective; 4) an assessment of the consequences if those threats materialize as incidents (are we ready to respond and recover?); and 5) an assessment of risks that you aren't going to mitigate, but will otherwise accept.

What top-of-mind cybersecurity challenges are organizations facing today, and how can Boards take a more proactive role in advancing responsible AI practices?

How do you suggest Boards balance the need for cybersecurity with other business priorities, such as innovation and growth?

The interactions on the Board around the security of an organization should not just come from a CISO, and Boards should expect all lines of business - the CIO, CTO, CRO, and other leaders - to talk about cyber risk as part of their strategies.
