This post continues the series on cybersecurity concepts for BoD members and C-level executives; the article linked below is worth a look.
NACD emphasized the following main points about the board’s role in its comments:
- The cybersecurity-specific roles of the board and management are distinct.
- Management must control and mitigate risk, and drill deeply into breaches.
- The board’s role is to make sure that cybersecurity is well managed and that the risk is well controlled.
- NACD believes cybersecurity oversight must be the shared responsibility of the whole board, not the responsibility of one director with cybersecurity expertise.