It is a risky time to be a board member for organizations with a large or growing digital footprint, unless you are willing to ask the hard questions and insist on transparent answers.
Assurance is something that any and all directors on a corporate or public sector board should require. Unfortunately, too many find out the hard way: they assume that all the necessary steps have already been taken by the officers and security personnel, and then discover after a breach or hack that this was not the case. Board members have a fiduciary and due-care responsibility to ensure that the proper security steps have been taken and continue to be taken into the future.
In my recent LinkedIn post, linked in the article below, we covered six of the concerns that every CISO should be prepared to address with board members. Additionally, all board members should be asking the leadership and the organization's security leader these questions, and then ensuring that the answers reduce the organization's risk to an acceptable level.
Good boards understand that their attack surface is growing and the number of threat vectors is increasing due to the pandemic, IoT and organic growth itself. Therefore, it is critical for all board members and leadership to understand that a good organizational security posture is a journey, not a destination. During this journey there will be many additional threats and risks; good leaders will ensure that the resources are available to the leadership to meet or exceed those potential risks.