An IIA & EY Report: “The Risky Six: Key questions to expose gaps in board understanding of organizational cyber resiliency”
Practitioners and researchers from The IIA and EY conducted extensive analysis to determine the root cause of how and why boards within all industries get a skewed picture of their organizations’ ability to protect themselves from cyber-related risks with the requisite resiliency. The team identified six key questions that if unanswered likely mean a disconnect exists.
Richard Chambers:
”The importance of the board having a clear-eyed view of the
organization’s cyber resiliency cannot be overstated. The board
exercises oversight of risk management, and I cannot think of
a more pressing and pervasive risk than cybersecurity. Proper
oversight requires board members to ask the right questions at
the right time, and to seek independent assurance from internal
audit that this risk is being properly managed.”