Dave DeWalt, a veteran leader, advisor, and investor, who is the Founder & Managing Director of NightDragon and Former CEO of FireEye and McAfee, emphasizes the importance of cybersecurity in board director meetings. The increase in cyberattacks in recent years has affected businesses across various industries, with damages reaching trillions of dollars globally. Cybersecurity is now considered a board-related issue due to the financial and reputational risks these attacks pose to organizations, leading regulatory bodies like the U.S. Securities and Exchange Commission to push for stronger corporate governance practices.
DeWalt suggests that boards should prioritize cybersecurity by including it on their meeting agendas and asking critical questions to assess their organization’s risk profile. Boards should focus on cybersecurity reporting, educational initiatives for employees, practicing incident response plans, considering the need for cyber expertise on the board, and evaluating cybersecurity investments. Education on cyber risk, current threats, and new technology areas can help boards make informed decisions regarding the organization’s security posture.
One essential aspect of cybersecurity management is educating employees on best practices to prevent breaches caused by human error. By implementing cyber education protocols organization-wide, companies can reduce the likelihood of successful cyberattacks. Boards must also assess their own understanding of cybersecurity risks and consider additional education on relevant threats and technologies. Establishing a cybersecurity fire drill through tabletop exercises can ensure that all necessary steps are in place for incident response.
Some organizations may choose to add cybersecurity or technology experts to their boards to provide guidance on risk management. Former CISOs and cybersecurity leaders are often sought after to advise boards on cybersecurity matters. Directors should also evaluate whether their organizations are investing enough in cybersecurity and budgeting appropriately for defense measures. Failure to invest in cybersecurity may result in financial impacts or regulatory fines for organizations. By addressing these cybersecurity considerations, boards can help protect their businesses from cyber threats and ensure a secure future.
