Risks Confronting Boards: Most Challenging to Effectively Oversee (Part II)
Are board members able to provide effective oversight of their organizations most challenging risk?
Now that we know what ranks highest for board concerns, the question is: how well is it being addressed?
We evaluate this through two key indicators:
- How effective is the board oversight of the risk?
- How effectively is the organization’s leadership managing the risk?
For this post, let’s focus on the issue of cybersecurity:
Cybersecurity is of the utmost concern for public and private directors. While it did not rank as a top concern for overall importance for not-for-profits, these organizations are also vulnerable to the risk.
The first approach to addressing the risk is the board’s oversight of the issue.
Cybersecurity is a challenge – because no matter what mousetrap is constructed, there always seems to be smarter mice. In the case of public, private and not-for-profit boards, oversight is clearly difficult:
And, at the operational level, there doesn’t seem to be significant confidence, either. When asked what the board’s level of confidence is in the management of cybersecurity risk by the organization’s leadership, we found poor results:
Unfortunately, as you can see from the numbers, while this challenge continues to mature, the confidence boards have in their organizations’ leadership against cyber-threats is declining. Although not-for-profits don’t see this as a top concern, leadership is clearly unprepared to manage the risk.
Later in this series, we’ll discuss what methods, specifically, organizations are employing to address this risk. However, the question still remains as to why the confidence in oversight and management of such a critical concern is so bleak.