WEF Announces Principles for Cyber Risk Governance
In partnership with NACD and ISA, the World Economic Forum identifies six principles for cybersecurity board governance. The document also thoroughly explains how these principles are vital for directors and their cyber governance.
One of the many risks that businesses face today is cyber risk. For a business to survive and secure its ecosystem, it needs a strong foundation for governing cyber risk. Businesses that effectively and efficiently manage their various risks, including cyber risk, perform better in the marketplace.
The World Economic Forum (WEF), in cooperation with the National Association of Corporate Directors (NACD) and the Internet Security Association (ISA), recently published the Principles for Board Governance of Cyber Risk, offering six principles for cybersecurity board governance.
The document lays out how these principles are vital steps that board directors can take to enhance their organization's cyber governance, leading to a more cyber-resilient business.
The six principles are:
- Cybersecurity is a strategic business enabler
- Understand the economic drivers and impact of cyber risk
- Align cyber-risk management with business needs
- Ensure organizational design supports cybersecurity
- Incorporate cybersecurity expertise into board governance
- Encourage systemic resilience and collaboration
According to the first principle, cybersecurity is more than just an IT issue, especially because a cyber incident can disable an entire organization's operations. The document suggests directors "view each major new transformation initiative through the lens of cyber risk". It is also important to analyze cybersecurity issues in terms of their strategic implications.
The second principle explains why an analysis of the economics of cyber risk is paramount in enterprise decision-making. It suggests reviewing and approving the organization's cyber risk tolerance in the context of the company's risk profile and strategic goals.
The third principle recommends that the board understand and assess how to effectively manage cyber risk while pursuing the business's objectives. The fourth principle encourages enterprises to design an internal governance structure that addresses cybersecurity on an organization-wide basis, including clearly defined authority and key performance indicators for the internal stakeholders responsible for managing it.
The paper's fifth principle encourages boards to "avail themselves of external industry and other guidance as well as the cybersecurity expertise of fellow directors, third parties and internal resources to effectively oversee the organization's cybersecurity within an appropriate structure focused on oversight". It is important for board directors to expand their knowledge of the ever-changing world of cybersecurity in order to future-proof their cyber resilience.
The last principle suggests that organizations collaborate. Collective action and collaboration are essential to overcoming systemic cyber-risk challenges.
How an organization handles cyber risk can make or break its business. Board directors and other decision-makers must understand cyber risk and how they can govern its looming threats. It is also important for directors and industry professionals to consciously update their knowledge of how to address cybersecurity within their enterprises.
To learn more about why board directors and other executives must view cyber risk and cybersecurity as an organizational issue, and not as a mere IT issue, read Trend Micro's comprehensive eBook, "Strategic investments to secure smart manufacturers". It also explains how Trend Micro can help converge IT/OT security.