Purple Background
Board and Leadership

Help Mitigate Cyberattacks: 3 ways to Increase Security for Your Board (and Business)

Help Mitigate Cyberattacks: 3 Ways to Increase Security for your Board (and Business)

Cyber criminals are becoming increasingly sophisticated. They are also opportunistic and will constantly try to exploit new vulnerabilities for money, especially through email. According to recent reports, criminals sent 92% of malware via email,[1] and business email compromise (BEC), where an attacker gains access to a corporate email account and impersonates the owner to defraud the company, is on the rise.[2]

Organizations should also expect an increase in cyberattacks designed to destroy infrastructures.

The rise in cyberattacks can seem overwhelming for organizations and their board members, who are responsible for managing cyber risk. Cybersecurity issues are complex and technical, raising anxiety that board members don’t have sufficient expertise to serve their risk oversight function. But board members can be prepared to mitigate these risks. Here are a few tips:


  1. Clearly define the organization’s unique risk appetite and its acceptable level of risk across various business units. This risk appetite varies by organization and is invaluable in allowing the board to prioritize threats and vulnerabilities based on the likelihood they will occur, as well as their potential impact on the organization.
  2. Oversight of the organization’s cybersecurity program is also critical. Cybersecurity governance should address unforeseen vulnerabilities, threats and attacks. It’s helpful to use third parties to assess the maturity of the organization’s overall information security program. The third party should conduct interviews with stakeholders as part of their assessment process and compile a board report that compares the organization’s threat risk against peers in its industry.
  3. To keep updated on cybersecurity risks, board members should consider including cybersecurity on its agenda at full board meetings as frequently as necessary based on the level of risk the company faces from data-related attacks, and as specific incidents and situations warrant.

For a deeper dive into the always-evolving cybersecurity governance world, and tips on how your board can keep pace, download our white paper on Managing Cybersecurity Governance: Trends in Cyber Threats.