What the Board Needs to Know About Cybersecurity Compliance
Board members are now facing lawsuits after large-scale cybersecurity breaches because the security breakdowns are considered a failure to uphold fiduciary duties, reports CIO.com.
Department of Justice guidelines for cybersecurity awareness provide some idea of what should be shared with board members. “The CIO now has a responsibility to communicate the cybersecurity strategy to board members and make them aware of critical risks to help avoid personal liability,” CIO.com says.
“Details of day-to-day activities like software monitoring and firewall setup are important for the IT team and CIO to understand, but that level of granularity is not necessary for the Board. However, at a minimum, the Board should understand how cybersecurity failures can impact the business.”
