Of course, it is.
I recently delivered a talk to the Board of Directors of a major, not for profit organization in Africa. I was surprised at their basic appreciation of the cybersecurity risk management strategy. Compared to Bank Boards, Not for Profit Boards don’t invest a lot in learning new and emerging business risks as their counterparts in financial institutions. Nevertheless, all board members need ongoing advice on cybersecurity.
Competitive advantage today is through a company’s ICT infrastructure investment and optimization. Without a robust ERP system, for example, your Company is at a competitive disadvantage.
However, automation comes with lots of risks of going concern in case of a major cyber threat. Take care of the UK’s NHS that has a massive cyber breach. And so many other companies. It is the role of the board to manage risks proactively.
To this end, the board, more than anyone else, needs Cybersecurity to advise. Because threats landscape is ever-evolving, the board needs this briefing quarterly at every meeting.
There is always a risk of false confidence to the board by the management. Independent cybersecurity assessment, through internal audit structure, is recommended to make sure things are fine.
Copyright Mustapha B Mugisa, 2020. All rights reserved.