It’s Time for the C Suite and Boards to Truly Engage in Third-Party Cyber Risk Management

by Fred Kneip

Given how much businesses rely on data, cloud providers and other aspects of the digital world, cybersecurity should be a topic on every boardroom agenda today. The reality, however, is that most boards of directors and C-suites are composed of individuals who have risen through the ranks from financial, sales or business disciplines. As such, they almost always have a lot of expertise when it comes to things like finances, metrics and policy, but often very little when it comes to cybersecurity.

While some forward-thinking companies have created C-suite positions for IT and security personnel, such as chief technology officer (CTO) and chief information security officer (CISO), these are, overall, still relatively rare. When they do exist, the CTOs, CISOs and similar IT executives don’t always get an actual seat on the board, and unfortunately their voices sometimes carry less weight. Their lack of voice is then compounded by the fact that most boards and C-suites assume their IT and security teams have their cybersecurity covered. But with the increasing incidence of cyber breaches (most notably, third-party cyber breaches) and cyber regulations, this assumption is going to put the board and C-suite in hot water.

Read more on SecurityWeek here.