It’s time for boards to take control of their organisations’ cybersecurity at a time when the threat to data security has never been so severe.

Beyond core company growth and profit, board directors have plenty of competing priorities they “must” attend to, such as regulatory change, the digital economy, culture, diversity, investor relations, political events like Brexit…the list goes on. And cybersecurity should be in there somewhere.
It’s tempting, even logical, to delegate some of these issues, or streamline them into a “tick-box” compliance approach, especially the more technical risks like cybersecurity. But when it comes to information security, that would be a mistake for two reasons: there has been a sudden surge in cybercrime in 2016/17 that requires a C-suite response; and the sobering fact that, year after year, failing to “own” cybersecurity has cost a succession of CEOs their job.

Read more…