Try to think of a critical business process that does not rely on computers, software, networks or an ecosystem of 3rd party providers. The list is very short, if your business has any.
Most members of boards of directors bring relevant operational experience and strategic vision to the organizations entrusted to their stewardship. The emerging and constantly evolving threats of new business paradigms require a broad understanding of potentially disruptive operational and cyber risks. Yet most boards struggle to effectively understand the complex interdependencies between operational, reputational, 3rd party and cyber risks that are currently placing their growth and other strategic goals in jeopardy. The “duty of candor” requires that the board inform stakeholders of all information that is important to their evaluation of the performance of the company. That requirement is very difficult to achieve if board members do not feel properly informed about the organization’s capabilities, its risk appetite, the residual risk beyond the capabilities of current controls, the status of outstanding remediation activities, or how to interpret the metrics that describe the current state and evolving threat trends.
Government and industry regulations acknowledge these threats and related disruptive events but can only provide guidance on the only strategy permitted: self-defense. Consider that for the first time in history, operating a business located in the United States is NOT inherently any safer than operating in any other country, once you establish any connection to the internet or other shared network. The might of our military, the strength of our institutions, our rules of law and most fundamental core values provide virtually no protection for any business that utilizes computers, software, networks or external suppliers to support normal operations. These business-enabling tools are under constant attack by highly skilled organizations and individuals that are well organized and very effective at introducing risk into every aspect of your business processes and supply chain.