The Augusta Group and 327 Solutions announce their education partnership
Compliance with cyber risk management regulation requires boards to demonstrate oversight, assurance and attestation of cybersecurity risks, a demonstration that may be tested by a regulator, investor or lawyer.
Boards require an appropriate governance framework integrating risk culture, risk management and mitigation.
Cyber regulation requires boards to disclose their cybersecurity risks, incidents, risk management processes, risk mitigations and details of accountable executives. The regulator and investors will use this information to take appropriate actions as they assess a registrant's ability to manage material cyber risks and incidents. A covered entity may also be required to demonstrate this information to a regulator or court.
Covered entities require an appropriate and adequate framework to demonstrate the relationships between, and the roles and responsibilities of, all internal and external compliance stakeholders, ahead of board attestation and submission to the regulator.
Cybersecurity risk management regimes being developed by U.S., EU and APAC regulators are driving cybersecurity risk management compliance into the boardrooms of public and private organizations, requiring boards to increase their situational awareness of cyber risks and risk mitigation.
The Left of Bang approach enables organizations to develop better situational awareness through an understanding of cyber risks, treating risks in a manner that could be considered adequate and commensurate with the level of risk.
The traditional approach for many organizations to manage cybersecurity risks has been to rely on cyber insurance as the main form of risk transfer.
Regulation removes the ability of the board to make decisions based upon the cost of implementation alone. It requires boards to demonstrate a reasonable level of cyber compliance which, while economic in nature, has to be justified in line with the board's responsibility to demonstrate appropriate capital allocation, due diligence and care to shareholders.
Boards are accountable for the oversight and assurance of cyber supply chain risk management and their cybersecurity risk management strategy, governance, and incident disclosure, which increases legal and compliance risk. This requires boards to implement robust governance oversight and assurance to demonstrate regulatory compliance.
A presentation given to various international stakeholders on that discusses a simple model for the board governance of cybersecurity risks.
Copyright © 2021 Augusta GRC, LLC - All Rights Reserved.