Assessing the Board’s Cyber-Risk Oversight Effectiveness
In brief: This tool helps directors outline key questions to pose to their senior management teams in order to provide effective cyber-risk oversight. The tool then provides a numerical scale for assessing the board’s cyber-risk oversight effectiveness. This brief was written by Thomson Reuters and originally appeared in Cyber-Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards.
This resource can help your board to
pose questions to management to assess key cyber risks,
provide oversight of the corporation’s cyber-risk landscape, and
evaluate the board’s understanding of cyber risks facing the organization.
Most relevant audiences: Risk committee chairs, risk committee members, and CISOs
This tool helps directors identify which questions to ask senior management and outlines a numerical scale for assessing the board’s cyber-risk oversight effectiveness.
Board leaders wishing to incorporate a cybersecurity component into their board’s recurring self-evaluation can use the questions in the table below as a starting point.
Questions Directors Can Ask to Assess the Board’s Cyberliteracy
Can all directors effectively contribute to a robust conversation with management about the current state of the company’s cybersecurity? In which areas does our lack of knowledge/understanding of cyber matters prevent effective oversight?