Six principles for board governance of cyber risks

Byte-size Bulletin by Simon Heath in Security, News on Jun 7, 2021


The World Economic Forum believes companies managing risk effectively, including cyber risk, do better in the marketplace. A new report provides boards with six guiding principles.

Joe Fitzsimons, senior policy advisor at the Institute of Directors (IoD) urges directors to develop “a strong understanding of cybercrime across all areas of the business”.

Daniel Dobrygowski, head of governance and trust at the World Economic Forum (WEF) says most directors are still at the stage of identifying the problem. “They know that cyber risks exist, but look to the IT team to solve them. They’ve not yet come to understand that this is their problem”.

Larry Clinton, president of the Internet Security Alliance (ISA), says the expectation of directors is not that they become technical experts but that “they need to understand the terms being thrown about, be able to ask the right questions.”

To help boards develop a cohesive approach to cyber security governance, the WEF, ISA, PwC and the USA’s National Association of Corporate Directors have created six principles:

  1. Cyber security is a strategic business enabler.
  2. Understand the economic drivers and impact of cyber risk.
  3. Align cyber risk management with business needs.
  4. Ensure organisational design supports cyber security.
  5. Incorporate cyber security expertise into board governance.
  6. Encourage systemic resilience and collaboration.

Here is the WEF’s March 2021 report and a further article here.


Thanks to Eden Constantino on Unsplash for the image.
