6 board of directors security concerns every CISO should be prepared to address

The COVID pandemic and spike in cybercriminal activity has raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them.

Igor Kutyaev / Getty Images

Data breaches, ransomware attacks and concerns over risks tied to the global pandemic have heightened interest in cybersecurity among corporate boards of directors. Security leaders say BoDs have become more engaged in security matters, have a keener understanding of cyber issues, and have begun asking more sophisticated question about risk exposure and ways to manage it.

Though many continue to view security as a cost of doing business, an increasing number of board members perceive it as fundamental to the business. With many companies accelerating digital transformation initiatives in the wake of the pandemic, boards want to understand how security can enable those efforts and support business requirements in an environment where the workforce has become a lot more distributed.

"Boards have become a lot more savvy about technology and understanding security," says Timothy Youngblood, CISO at McDonald's Corp. "They are somewhat driven by the SEC and their expectation that boards have some level of technical expertise," he says. They have also been helped with a lot of guidance on cybersecurity from the National Association of Corporate Directors and others.

Consequently, the questions that boards are now asking security leaders have changed as well. Here, according to Youngblood and others, are six top-of-mind issues among BoDs these days.

1. Cyber accountability