News & Insights

Directors Governance Center

June 14, 2013

Cybersecurity and the Board (Tapestry Networks Report)

At its meeting on October 3, 2012, the North American Audit Committee Leadership Network (ACLN) discussed cybersecurity and the board. The report from the meeting recommends a top-down approach to cybersecurity and recognizes the boards role in employing internal controls necessary to protect corporate digital assets from increasingly prevalent security breaches. Shawn Henry, former executive assistant director of the FBI and president of CrowdStrike Services, also joined the discussion.

According to Henry, modern corporations must increasingly focus on swiftly detecting and responding to cybersecurity breach, in addition to traditional perimeter defense. Todays cyberthreats include criminal groups, terrorist groups, hacktivists, company insiders, and foreign intelligence services seeking access to sensitive data and, in some cases, seeking to steal, change, or destroy it. To reduce the impact of a breach, Henry recommends monitoring cybersecurity continuously, treating sensitive data carefully, providing adversary-specific responses, and disclosing breaches. Henry emphasizes the necessity of advisedly disclosing breaches to protect a corporations reputation with the media, customers, and investors, to comply with SEC disclosure requirements, and to build information-sharing among companies, which enhances the quality of cybersecurity.

Henry noted that cybersecurity starts in the boardroom. Because board oversight is crucial to organizational cybersecurity coordination, Henry stressed that:

*Organizational leaders discuss their cybersecurity capabilities and responsibilities;

*Audit committees require deliverable proof of compliance with cybersecurity plans;

*Boards require technical expertise within the upper levels of the organization, if not on the board; and

*Boards consider employing external auditors to report on cybersecurity controls.

These measures, according to Henry, provide base-level board accountability and organizational cybersecurity leadership sufficient to further the fight against damaging cyberthreats.

Tapestry Network organizes the Audit Committee Leadership Network to unite audit committee chairs from across the company, improve audit committee performance, and build trust in financial markets. Tapestry produces to develop informed discussion of audit committee choices, management, effectiveness, and governance. For more information about Tapestry Networks, the ACLN, and , please visit the Tapestry Networks website at