Five Nutshell Questions about Cybersecurity for the Board of Directors

Blank Rome LLP

On April 29, 2016, the Council of Institutional Investors (CII) published its new Special Report, Prioritizing Cybersecurity: Five Investor Questions for Portfolio Company Boards.

To facilitate effective cybersecurity risk oversight by the board, CII has suggested five questions that a board of directors needs to be able to answer:

  1. How are the company’s cyber risks communicated to the board, by whom, and with what frequency?
  2. Has the board evaluated and approved the company’s cybersecurity strategy?
  3. How does the board ensure that the company is organized appropriately to address cybersecurity risks? Does management have the skill sets it needs?
  4. How does the board evaluate the effectiveness of the company’s cybersecurity efforts?
  5. When did the board last discuss whether the company’s disclosure of cyber risk and cyber incidents is consistent with SEC guidance?

There is nothing revolutionary about these five questions. These questions have been raised before, and cybersecurity has made its way to the board meetings’ agenda. However, CII’s “nutshell” cybersecurity questions highlight the intersection of corporate governance and cybersecurity and drive home the main message of the report: “effective cybersecurity risk management starts with the board.”

In addition, the report makes a very important point that directors do not need to “support unrestrained capital spending on any project with a ‘cyber’ prefix.” Instead, directors, similar to other risk oversight responsibilities, “need to:

  • understand management’s cybersecurity strategy;
  • learn where cybersecurity weaknesses lie; and
  • support informed, reasonable investment in the protection of critical data and assets.”

Written by:

Blank Rome LLP

Blank Rome LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.