The risk of a cyberattack is a concern that is fast becoming omnipresent for corporate directors across industries. “It’s not just financial services firms or regulated companies–everyone is interested now,” she said. That interest is leading boards to put a high priority on their cyber risk education and preparedness.
While it is important that boards are aware of the big picture when it comes to the company’s cybersecurity, they don’t necessarily need to be in the weeds with IT and the CIO or CISO. “You don’t want to over alert. But, then again, you don’t want to paint too rosy a picture,” said Peretti on notifying boards of risks. “The goals should be to create meaningful and consistent reporting that establishes credibility and paints an honest and accurate picture.”