Cyber Risk Is a Business Issue

New rules from the US Securities and Exchange Commission (SEC) that go into effect this year will require public companies to disclose their processes for managing material cyber risks, as well as the C-suite’s and the board’s roles in managing or governing those risks. This reflects a trend of boards sharing responsibility for cybersecurity with the company’s most senior ranks. But many companies will need to overcome a communications gap that exists between the technical details and jargon that often accompany cybersecurity briefings and the fundamental questions, What is the risk to the business, and how do we know we are managing it effectively?...

Neal A. Pollard is an adjunct professor at Columbia University, where he teaches graduate courses in cybersecurity as a business risk. Pollard has spent 30 years in cybersecurity as a technologist, operator, attorney, founder, board director, and policy advisor in government, industry, consulting, and academia. Formerly, Pollard was the group chief information security officer for UBS.

Shelley B. Leibowitz is the founder and president of SL Advisory, whose focus is all things digital, including transformation, effectiveness, governance, and trust. Leibowitz is a seasoned corporate director and serves as an independent director for public and private companies in financial services and tech. Formerly, Leibowitz was the chief information officer for the World Bank Group.