The stakes for board members in cybersecurity are higher than ever. Cyber attacks pose material risks to corporations, either by directly crippling operations or by breaching data on a massive scale, and regulators increasingly look to hold board members accountable for disclosing and getting out ahead of cyber risks.
Against that background, Jack Jones, RiskLens Chief Risk Scientist and creator of the FAIR model for cyber risk quantification, joins a panel on data privacy and cybersecurity at the National Association of Corporate Directors (NACD) Global Board Leaders Summit, Sept. 23 in Washington, DC.
At the NACD Summit: Meet RiskLens executives and get your questions answered on the benefits of adding cyber risk quantification to your cybersecurity program with the RiskLens Platform. Visit us at booth 129!
Jack has long argued that boards don’t get the clarity they need on cybersecurity from typical CISO reporting, which runs toward imprecise scorecards like “maturity ratings” or highly technical jargon that doesn’t translate to the financial language of business.
In an article for the NACD Board Talk blog last year, “Getting the Right Cybersecurity Metrics and Reports for Your Board,” Jack and James Lam (RiskLens and E*TRADE board member and an honoree in the NACD Directorship 100) wrote that CISOs should report to boards in decision-oriented terms, such as:
Boards increasingly expect to receive reporting on cyber risk in the same financial terms used in the rest of enterprise risk management, such as interest rate risk, market risk, credit risk, operational risk, and strategic risk, Jack and James wrote. The FAIR model, on which the RiskLens Platform is built, quantifies cyber risk in just those financial terms.
There are plenty of signs that Jack’s message is breaking through and driving the demand for better reporting coming down from boards:
Hear Jack at the Global Board Leaders Summit, Sept. 23 in Washington, DC, in the morning session “Ask the Experts: Data Privacy and Cybersecurity.” And for a deeper dive into FAIR and the movement to cyber risk quantification, attend the 2019 FAIR Conference, September 24-25 at National Harbor, MD, near Washington, DC, sponsored by RiskLens.
RiskLens is leading a revolution in the way cyber risk is assessed, measured and managed by bringing to market a Software as a Service solution that makes cyber risk quantification a reality.
We help organizations translate cyber risk from the technical into the economic language of business.