

Risk Intelligent Governance in the Age of Cyber Threats

What you don’t know could hurt you


Continuing reports of cyberattacks on high-profile businesses – as well as recent SEC guidance urging companies to consider disclosing cybersecurity incidents – are prompting boards of directors to start exploring cyber threat risk with their executive teams in earnest.

However, at many companies, boards may experience unexpected challenges at the very first step: understanding the company’s current exposure to cyber threat risk and its effectiveness in managing it. The frequent problem is that the greater a company’s need for effective governance over cyber threat risk, the harder it can be for boards to learn enough about the issue to provide it. Until a company reaches a certain level of sophistication, it simply may not have the language, metrics, or technology in place to offer boards clear answers about cyber threat risk exposure and effectiveness.

Fortunately, there’s a way out of the catch-22. In "Risk intelligent governance in the age of cyber threats", we describe how a maturity-based view of four specific “leading practices” in cybersecurity can give boards valuable insights on a company’s cyber risk management strengths and weaknesses – even at companies that are still ramping up their capabilities in the area. A basic awareness of key elements in an effective cyber defense can not only help boards understand their company’s maturity in managing cyber threat risk, but also point toward next steps that can help move the company toward a more proactive, preemptive, and mature approach.


Material on this website is © 2014 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
