If in the past cybersecurity was viewed as a purely technical issue and strictly the responsibility of information technology specialists, today regulators have clearly signaled that this is no longer the case. As cyber threats have become more sophisticated and frequent, cybersecurity is increasingly understood to be a critical strategic issue that must be addressed at the highest levels of an organization in coordination with security executives.
Board members today are expected to be actively involved in their organization’s cybersecurity risk management, to have sufficient technical knowledge to understand the risks, and to be able to oversee the development and implementation of effective strategies and policies. While the role of chief information security officer, often abbreviated to CISO, is relatively new, it is increasingly acknowledged as the essential link between management and technical security teams in cyber risk management and cyber incident response. Regulators seem to agree, as more and more of them are instituting requirements for a CISO, board involvement, and active cybersecurity risk management.
Yet with these increased responsibilities and risk management requirements demanded of organizations has come a higher level of scrutiny and enforcement action for boards and C-suites, and for CISOs in particular. Cyber incidents and failure to comply with the growing number of data security and cyber governance regulations now entail not only financial and reputational damage but also the risk of civil and criminal liability for these key decision makers.
- Attorneys counseling boards and CISOs will find this course an essential guide to advising clients on evolving and increasingly strict cybersecurity requirements and potential liability.
- Board members and CISOs will find this primer a useful overview of their regulatory cybersecurity responsibilities.