This BCLP blog offers some advice on topics that should be addressed with the board during cybersecurity briefings. These include discussions of the threat landscape & the company’s risk profile, the potential impact of AI, an overview of the legal and regulatory landscape, an overview of the company’s cybersecurity program, a description of maintenance/improvement activities, and topics for board approval. The blog also offers the following thoughts on private discussions with the CISO & director education efforts:

As part of periodic board briefings, it may be beneficial for the board or committee charged with overseeing cybersecurity to have private sessions with the CISO to discuss topics of material importance away from other management. Interaction between the board and CISO may build trust between the parties, which is critical in the event of a material cyber incident.

In addition to board briefings, a company may also encourage its directors to take continuing education classes on cybersecurity topics, as well as participate in the company’s tabletop exercises to get a better understanding of how significant cybersecurity incidents may be addressed.

– John Jenkins