Five Cybersecurity Questions for Boards or Investors
Five Cybersecurity Questions for Boards or Investors Boards of Directors and investors do not need to be technical experts to oversee or discover cybersecurity risk in organizations. They do, however, need to ask probing questions to ascertain the maturity level of, and fundamental challenges within, the way organizations understand and manage cybersecurity risk. In our interactions with Executive Board of Directors, Venture Capital Investors, and M&A due diligence analysts, a common question routinely surfaces when executives seek to understand a company’s cybersecurity risk: What do I need to ask to gain a true sense of how a particular organization understands and manages cybersecurity risk? Our answer to this question is relatively straightforward and not always obvious: Probe into the organizational understanding and operational structure around addressing cybersecurity risk, and seek evidence of measurable facts in support of that thinking and structure. This may s