Fill your board’s cybersecurity gaps with more than one CISO

May 24, 2024

TLDR:

  • Adding a CISO to a board is popular but not effective for improving cybersecurity.
  • Boards need to elevate their collective knowledge on cybersecurity.

Boards are facing increasing expectations around cybersecurity governance, but most directors lack expertise in this area. While adding a CISO to the board may seem like a solution, it doesn’t address the fundamental role of the board as a collective decision-making body. Instead, boards should focus on elevating their collective knowledge on cybersecurity through strategies such as quality time with the organization’s CISO, executive education courses on cybersecurity risk, cyber learning forums, and bespoke board sessions dedicated to cybersecurity. By taking a comprehensive approach to improving board members’ cybersecurity expertise, boards can become more proactive in building cyber resilience and staying ahead of attackers.
