Many Canadian organizations are struggling to maintain their cyber security in an increasingly sophisticated and persistent technology risk environment. Cyber security is a systemic risk to any business and demands the attention of boards of directors.
However, many board members became successful business leaders before technology merited their sustained attention. Their lack of literacy on cyber security means they cannot provide oversight on this critical business risk. Directors can only make responsible decisions if they understand the strategic implications of their choices, so they need to understand how cyber risks fit into the broader risk picture.
This report provides a three-stage developmental approach to improving board competence in this area. It consists of assessing the board’s cyber security capacity, building members’ baseline capabilities, and encouraging them to exercise greater cyber security leadership.