Managing cyber risk is no longer something that can be covered with interesting questions from corporate execs and general presentations from the CIO a couple of times a year. Beyond the brutal fact that a ransomware attack can lay an organisaton lame for months and cost a fortune to survive, the chaos caused by cyber attacks has led to the establishment of an ISO standard on governance of information security and engendered an increasing number of national legal compliance requirements that prescribe directors’ and officers’ duties and responsibilities.
In her presentation at the eLearning Africa Edtech & Cybersecurity Virtual Exchange, Jody R. Westby, Esq., CEO of Global Cyber Risk LLC, USA emphasised that cyber governance decisions need to be made at the top to help align security objectives with the organisation’s objectives and how proactive efforts truly protect organisations against cyber risk. The speaker is a leader in the field of cybersecurity, with some twenty years of experience in the field and more than thirty years of unique professional background in the technical, legal, policy, and business realms.
Ms. Westby’s most recent book, entitled D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, offers a blend of theory and practical guidance that sets the backdrop and makes developing cyber governance strategies easier. The work is aimed at those making relevant decisions and explains how they can defend their organisations against cyber risk. Prior to this effort, Ms Westby co-authored and edited four books on privacy, security, cybercrime, and enterprise security programs and wrote two books on legal issues associated with cybersecurity research.
Her contribution at the eLearning Africa event stressed the importance of a mature cybersecurity programme in the context of an organisation’s cyber governance structure, which she defined in realistic, tangible terms. The presenter also provided a deeper understanding of how effective cyber governance can and should be organised, addressing how boards and executives can meet their fiduciary duties for cyber risk management, how to establish a governance framework, and the board’s role in incident response.
Participants gained in-depth appreciation of global cyber governance regulations, standards, and best practices – and how applying them informs companies around the world in significantly reducing vulnerability to cyber-attack. Furthermore, it was underlined that directors and officers are increasingly regarded as being liable for breaches of security, which demands that they be granted a leading role in ensuring adequate cybersecurity at their organisations.
Executives are in the spotlight (and hot seat) to ensure adequate cybersecurity at their organisations. Having top-tier officers implement an effective cyber governance strategy to improve their firm’s cybersecurity is not only effective; it is increasingly becoming a legal requirement, as regulators in some countries have stipulated that decision makers bear liability for ensuring security at their organisation.
Cyber governance (or cybersecurity governance) comprises the strategies that an organisation implements to mitigate its cyber risk. These strategies, preferably developed in the C-suite, require an effective reporting and accountability structure that empowers staff to ensure sound cybersecurity at the organisation.
Naturally, though, it is essential that the organisation’s cyber governance be aligned with its goals. This, in turn, helps in the allocation of resources throughout the organisation to those responsible for training staff, providing an overview of the threat landscape, or investing in hardware and software that help protect assets.
Ms Westby’s approach offers an in-depth overview of global cyber governance regulations, standards, and best practices. By following best practices for their respective industries, companies around the world can significantly reduce their vulnerability to a cyber-attack. Within an effective cyber governance structure, executives must have oversight that is broad enough to enable them to make appropriate organisational decisions.
Legislators and regulators can play a fundamental role in ensuring cybersecurity compliance, explains Ms Westby, by developing new stipulations and placing increased emphasis on management within an institution to ensure adequate security. Moreover, regulators have the leverage to reinforce efforts by requiring executives to provide annual certifications of compliance and pressuring them to implement effective cyber governance structures toward mitigating risks. A carrot is offered in that complying with regulations and conforming with best practice opens avenues for firms to avoid potential strife with the authorities. According to Ms Westby, yet another incentive for establishing effective cybersecurity programs at institutions could include tax breaks for specific cybersecurity-related expenditures.
Ms Westby’s D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age was published by the American Bar Association in July 2021. Of course transcending what was presented at the Virtual Exchange, the work provides a thorough analysis of the topic, supplemented and augmented by concrete steps that directors and officers can take. In a pleasant, easy-to-read format, the author identifies what directors and officers need to know to meet their fiduciary duties, exercise appropriate cyber governance, and protect their organisations against shareholder derivative and securities lawsuits. The publication is crucial for relevant personnel, as it presents them with clear information on cyber governance and introduces them to key compliance resources that steer them toward asking the right questions.
Please check this link for more information on the D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age.