World Economic Forum Report Offers Cyber Risk Guidance for Boards
March 26, 2021
Boards of directors need to play a more active role in protecting their organizations from cyber risks, according to a study released by the World Economic Forum (WEF).
While the failure of cyber security is a "clear and present danger" and a critical global threat, responses from boards have been fragmented, risks have not been fully understood, and the collaboration between industries has been limited, the WEF said.
In response, the WEF, along with the National Association of Corporate Directors, the Internet Security Alliance, and PricewaterhouseCoopers (PwC), released a unified cyber-security guide for directors. The Principles for Board Governance of Cyber Risk Report is the result of a year-long effort to find a cohesive, global, and cross-border approach to cyber risk, a WEF statement said.
The report addresses six principles that apply to boards and management teams and shows how directors can increase their understanding of cyber risks and act quickly, incorporating cyber-risk planning into overall corporate strategy.
The six principles are the following.
- Cyber security is a strategic business enabler.
- Understand the economic drivers and impact of cyber risk.
- Align cyber-risk management with business needs.
- Ensure organizational design supports cyber security.
- Incorporate cyber-security expertise into board governance.
- Encourage systemic resilience and collaboration.
"Without a principled foundation for understanding and governing cyber risk at the board level, risk responses have been piecemeal and security gaps have risen," Daniel Dobrygowski, head of governance and trust at the World Economic Forum Center for Cybersecurity, said in the statement. "These principles provide much needed foundations for directors in any industry or geography. Cyber security is not just a technology problem; it is an economic and strategy issue crucial for boards to address given the current environment."
The report notes that companies that effectively manage their entire portfolio of risks, including cyber, do better in the marketplace.
The WEF report can be found on the organization's website.
March 26, 2021