Horizons Spring/Summer 2021

C ybersecurity oversight is a significant concern for companies even before the COVID-19 pandemic forced so many organizations to suddenly shift to remote work. Data breaches and other cyber threats pose significant competitive, reputational, and litigation risks and require increasingly costly investments to prevent, detect, and respond to. Changes in the environment as a result of the pandemic have created new risks that need to be managed with board oversight. With a cyber breach considered by most experts to be inevitable, cyber risk must be part of the board’s overall risk oversight. Keep in mind that directors don’t need to be technologists to play an effective role in cyber risk oversight. Every board can take the opportunity to improve the effectiveness of its cyber oversight practices. key fiduciary responsibility for a board of directors and was a

The board should ask the following general questions to understand cybersecurity risk:

∙ What are our organization's top five cybersecurity risks?

∙ How are we managing these risks?

∙ How is security governance managed?

∙ In the event of a serious breach, has management developed a robust response protocol? The board should also ask the following technology- and pandemic-related questions, broken up into four categories: commitments, working from anywhere, compliance, and plans.

Spring/Summer 2021

7