Cyber-threats: The board's role

Cyberliability is a growing concern for companies. While data security may have previously been the responsibility of IT departments, it's now becoming a company-wide concern. This has resulted in new responsibilities - and worries - for board members.

A 2012 study from FTI Consulting and Corporate Board Member magazine revealed directors recognize the risks of cyber-threats. Forty-eight percent of board members, along with 55 percent of general counsels, cite cybercrime as a significant concern, numbers that have doubled in the past four years.

So what's the board's role when it comes to handling cyber-threats? The board's role, as always, is to ask the right questions, help set priorities, demand accountability and serve as a strategic resource.

Woodruff Sawyer partner Lauri Floresca and I drilled down more specifically on what questions boards need to be asking in a recently released article. A useful framework divides the questions into three categories:

• Risk assessment
• Inventory of vulnerable assets
• Risk mitigation/transfer

While different companies clearly have different concerns when it comes to cyber-threats, we've found this framework to be a consistently useful starting point for boards of directors seeking to assess and mitigate the cyber-threats faced by their companies.

The views expressed in this blog are solely those of the author. This blog should not be taken as insurance or legal advice for your particular situation. Questions? Comments? Concerns? Email:



Table of Contents