A financial institutions’ Board of Directors has the ultimate responsibility for securing customer information, as well as the responsibility for approving financial investments into cybersecurity, creating accountability throughout the institution for security operations, and setting clear expectations for management. The trouble with all that, however, is that the Board of Directors has not historically included a lot of technical or security expertise, which can limit the understanding of information and cyber security at their organizations.
What Directors Need to Know about Cybersecurity
So what do the Board of Directors and Executives need to most understand information and cyber security? How can the Board improve its oversight of its own ISP? Let’s discuss.