Nearly every large public company has made significant investments in cybersecurity. But even where internal management of cyber risk appears strong, a board may worry that its oversight of digital security is inadequate—or that it has no reliable way to assess its adequacy or to compare its capabilities with other firms.
A new framework, Cyber Oversight Effectiveness Development (COED), developed by the Center for Long-Term Cybersecurity in partnership with Tapestry Networks and King & Spalding, aims to address these gaps and help boards become more resilient and adaptive. It is predicated on the belief that cyber risk often requires fundamentally different treatment than other risks, such as health and safety or fraud.
Using the COED Framework will increase board members’ individual and collective self-awareness, moving the board from an emergency “ad hoc” posture (where it has little choice but to accept management’s guidance regarding the threat landscape) toward a stance that is both proactive and resilient. Getting the most out of the COED Framework will require time, resources, and energy, but the potential payoff is greater readiness for digital transformation and value creation that goes beyond the important goal of protecting the company from cyber criminals.
For those firms that decide to invest further, the COED Framework provides a multi-step process to help them gain a deeper understanding of their organizations’ current capabilities, how they differ from those of others, and where they need to aim.
To learn more about the Cyber Oversight Effectiveness Development framework — including a case study of how this process might play out — read the full report. Below is a link to a summary presentation of the COED Framework.