The board of directors’ role in information security and privacy

WHITE PAPER

The role of the board of directors has shifted as information technology (IT) systems take on critical processes and data and face more risk. Traditionally, the board manages financial risks and business strategy, but its role must expand as IT security and privacy concerns affect those areas of the organization. IT systems have become “the business,” and as well-publicized security and privacy breaches emphasize this new reality, boards face several complex challenges.

IT security and privacy risks differ from traditional concerns, and the board must adjust its approach to protect the organization. Threats change at an almost unimaginable pace, with criminals adjusting their techniques and tactics to exploit vulnerabilities and breach organizations. Security and privacy threats can also affect several areas of the business with varying levels of impact, and the effects can take months or even years to become apparent.

Boards are faced with the challenge of overseeing business risks presented by technical, fast-moving security and privacy threats that are difficult to quantify. Best practices that boards can take to limit organizational exposure include:

  • Removing or reducing the number of data breach targets
  • Communicating to employees with the right tone and messaging
  • Ensuring that processes and response plans are not only established, but also actively tested and practiced
  • Establishing proper roles and staffing
  • Communicating with peers and outsiders, as security and privacy is a community effort

While the task is certainly challenging, businesses can take measures to bring risks down to a reasonable level and help avoid the data breaches that have plagued organizations across several industries. The board is integral to managing and removing risks, deploying the necessary processes, bringing in the right talent to operate those processes, and encouraging the right internal and external communication.
