"Now Corporate Boards Have Responsibility for Cybersecurity, Too"
The US Securities and Exchange Commission's (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure ruling took effect last fall. Public companies must disclose whether their boards of directors have cybersecurity experts. Keri Pearlson, executive director of the Cybersecurity at MIT Sloan Research Consortium (CAMS), studies organizational, strategic, management, and leadership challenges in cybersecurity, with her current focus being on the board's role. Pearlson and her co-authors suggest board members assume cyberattacks are likely and oversee executives' and managers' response and recovery plans. Pearlson developed the Board Level Balanced Scorecard for Cyber Resilience (BSCR) to help boards and management discuss and understand the organization's most significant cyber resilience risks. Pearlson's BSCR divides these key risk areas into four quadrants: performance, technology, organizational activities, and supply chain. This article discusses the board's role in cybersecurity and Pearlson's BSCR approach.
Submitted by grigby1