- Members of board of directors find cybersecurity risk to be a "fundamental hazard to the continued existence of the enterprise," according to a study from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) and consulting firm Booz Allen Hamilton released Wednesday. They interviewed 20 board members from U.S. companies in nine industries.
- As the relevance of cyberthreats rises among leaders, board members see cyber risk as "no longer confined to a set of operational decisions to be left solely in the hands of IT management." Tech leaders, such as CISOs, can help the board grasp complex technical and engineering concepts.
- But board members say they don't have the information and processes in place to provide effective governance when it comes to cyber risk, since it requires a different and more dynamic governance model than other types of risks.
Successful digital transformation journeys need a committed board of directors that gets involved, rather than oversees. The lack of an effective cyber risk governance strategy, means trouble ahead for companies.
"Boards feel a deep sense of urgency to exercise a central role in improving their firm's cybersecurity posture through enterprise-level governance and oversight," said Bill Phelps, a Booz Allen executive vice president and leader of the firm's U.S. Commercial business, in a release.
Additional threats lie in the missed opportunities: cybersecurity strategies can't grind innovation or product development to a halt.
"The opportunity costs of actions not taken, products not created, and markets not entered because of unmanaged security risk are mounting, even though they are hard to quantify," the study said. "Boards need to hold management to a standard in which cybersecurity and innovation are fully consistent with each other, if not synergistic."
To better understand risks, boards of directors want them to be articulated in the context of trade offs and return on investment.