The overwhelming number of cybercrime incidents in recent months has forced boards of directors to ask strategic and thoughtful questions directed toward management and internal audit. Boards need to take a more proactive role in cybersecurity or face the possibility of lawsuits in the event of a security breach.
Yet in The IIA Audit Executive Center’s “Pulse of the Profession 2014” survey, when asked how involved the board was during the last fiscal year in regard to specific action or requests on cybersecurity preparedness, only 14% responded they were actively involved.
The IIA Research Foundation, in partnership with ISACA, commissioned the research report, Cybersecurity: What the Board of Directors Needs to Ask, to:
- Help directors know how they should react to cybersecurity breaches and what to do.
- Understand that cybersecurity is an enterprisewide issue, not just an IT issue.
- Know what the IT auditor’s role is in helping the Board of Directors address the issue.
The report also outlines the NACD’s five principles for the board, and provides a list of top questions every board needs to ask.