Many consequences of cyber breaches have been well-documented, including financial and reputational damage. Recent developments, however, show that another serious consequence stands to become top of mind for business leaders: legal action against both the management and members of the boards of directors of organizations that suffer cyber breaches.
'Companies need people on their boards who can oversee the management of cyber risk, not people who are technically savvy but do not understand how to ensure that the business is properly managing cyber risk,' he says. 'The board must oversee the management of cyber risk rather than seeking to perform or actively manage the job of the CISO.'Unfortunately, many companies do not have board members with adequate, appropriate cyber expertise.