With the increase in cyber risks, boards should take an active role in understanding such issues and assess their organizations’ preparedness. Moreover, the full board should understand management’s risk practices so it can effectively oversee cybersecurity. As referenced in the Audit Committee Brief, a Carnegie Mellon University CyLab report states:
“For the third time, the survey revealed that boards are not actively addressing cyber risk management…There is still a gap in understanding the linkage between IT risks and enterprise risk management. Boards still are not undertaking key oversight activities related to cyber risks, such as reviewing budgets, security program assessments, and top-level policies; assigning roles and responsibilities for privacy and security; and receiving regular reports on breaches and IT risks.”
For more information, go here: http://deloitte.wsj.com/riskandcompliance/2013/10/10/the-boards-role-in-overseeing-cybersecurity-risk/.