Cybersecurity and the Board: Current Perspectives and Expectations

Cybersecurity and the Board: Current Perspectives and Expectations

Cybersecurity is a critical concern as cybercriminals, nation-states, and other threat actors increasingly target organizations and cause disruption and harm. Additionally, governments and regulatory authorities are also increasing their scrutiny of organizations. For example, in the U.S., the SEC recently sanctioned organizations “…for failures in their cybersecurity policies and procedures.” The European Union’s General Data Protection Regulation (GDPR) has led to fines against organizations that stemmed from cybersecurity data breaches. All of these events are driving boards of directors to focus more on the cybersecurity aspects of their organizations.

In the inaugural episode of Bugcrowd’s CrowdCafe we are joined by Robyn Denholm, who recently joined Bugcrowd’s board. We’ll discuss the following topics and questions:

• How well is cybersecurity understood by boards these days? Is it different now than it was 12 to 18 months ago in light of the increasing number of, and impact from, ransomware and nation-state attacks?
• What are board members worried about when it comes to cybersecurity?
• Security and risk management leaders often struggle to translate cybersecurity from a technology issue to a corporate concern. What kind of information and measures are boards looking for and expecting from their cybersecurity leadership?
• Should we expect to see it become the norm that a director on a board understands and/or speaks “cybersecurity”? Will this happen within the next couple of years or will it take longer?