Board Of Directors Cyber Training

Our Work: Client Story

Enhancing the effectiveness of the board’s cyber oversight and governance practices for a commercial property private company

Strategic Challenge

The board of directors of a private commercial property company needed an actionable understanding of cyber risks and how to provide effective cyber risk oversight. The company operated digital services within their commercial real estate properties and sensed heightened vulnerability levels. The independent board chair, in a proactive move, wanted a board training that would elevate the effectiveness of the full board’s cyber risk oversight and cyber risk awareness. However, most cyber training that was available was either too technical or not engaging and/or not board relevant. The chair wanted a training experience that was engaging, at a board level and customized for their governance needs.

Outcomes Achieved

  • Working with the independent board chair, we executed on the following:

    • Actionable awareness of current and emerging cyber risks and their associated business impacts

    • Improved cyber risk oversight and governance practices as well as increased confidence in asking the right cyber risk oversight questions

    • Practical guidance offered to management focused on cyber risks related to business strategy and the third-party cyber risk governance model

    • Enhanced cyber hygiene for board directors themselves

Background & Context

Our client is an international family-owned business that owns and operates a collection of commercial properties that are leased to high-end shopping malls. The business has thrived for three generations, and the board is comprised of 10 directors, with an independent director who serves as the board chair.

The board chair is well respected as a forward-thinking executive who’s very proactive in all things governance, especially oversight of relevant items such as AI and cyber that have strategic significance and business impact. The board chair took the initiative to deliberately build up the board’s cyber risk understanding and oversight capabilities. We had worked well with him in a different capacity at a different organization, and he requested our advisory expertise to help with this initiative.

We worked with the board chair to crystallize what would be most meaningful to the board and how best to engage with the different directors, especially the family, and we aligned on the nature of the customized content and delivery structure.

We’re ever so thankful to have been a part of developing the board’s new cyber risk oversight capabilities as well as facilitating effective risk management and mitigation strategies for the organization.

Cyber Risk Advisory & Training

The objective was to guide the board through a series of simulation exercises to help them develop an applied understanding of the current and emerging cyber risks facing the organization. Armed with this applied understanding, the directors would be in a much better position to provide effective cyber oversight. This collective understanding would also help drive alignment among the directors on the critical elements of risk tolerance and risk appetite as they embark on new growth strategies.

There were three principal actionable objectives that defined success for the board:

  • Increase board effectiveness of cyber governance practices and cyber risk oversight

  • Constructively engage management to minimize the impact of cyber risks on business operations, brand reputation and operating profits

  • Raise actionable awareness for board directors on cyber risks in international locations

Collectively, these objectives serve to align the board on what members should expect from management on the critical topic of cyber risk and strategies for facilitating purposeful risk mitigation for the organization.



Side Bar - Cyber Risk Oversight For Boards

Oftentimes, it’s difficult for board directors to figure out what cyber oversight elements matter most amid the growing complexity of issues they have to deal with.

One of the crucially important cyber oversight questions to ask is related to the strategic business impact of cyber risks on the organization. To learn more about how to distinguish a high-quality response from a low-quality one, we encourage you to download this guide.


We conducted a board learning clinic using the customized content from interviews and discussions with the board chair. It was essential to make sure that the content was at the right altitude for the board and that it was significant enough for them to care.

Through engaging board-level stories and interactive exercises, we covered the following cyber risk elements that were of strategic significance to the board.

  • Cyber Breaches & Incident Response: The central question here is: what should board directors expect from the CEO and the management team before, during and after a data breach or material cyber incident? How can directors provide wise counsel if things aren’t moving in the right direction, and what’s the right level of engagement from the board during an active data breach or material incident?

  • 3rd Party Risk: We encouraged the board to spend some time understanding and appreciating the business impact of 3rd-party risk from critical partners, vendors and suppliers, on operations at their properties. The business and legal implications of such 3rd parties can be material and very complex, requiring disciplined oversight from the board.

  • Talent Strategy: We introduced the board to effective approaches and metrics to ensure that management is prioritizing attracting, retaining and developing the right cyber talent.

  • Cyber Governance & Oversight: The questions we tackled in this segment include: What does effective cyber governance and oversight actually mean for our client’s board, organization and industry? What are the practices that will have the most oversight leverage?

  • Establishing quality standards for help desk services and business continuity in alignment with the business needs of the organization and its clients. Ensuring an appropriate process to facilitate end-user training and employee feedback on the IT function was helpful in improving service quality.

Success Factor - Board Chair

The board chair played a pivotal role in the success of the strategy execution and operations. His contributions included:

  • Effective facilitation during the learning clinic

  • Commitment to the development of the board’s cyber oversight practices

  • Encouraging psychological safety in the boardroom; creating a trusting environment for directors to lean and engage with the exercises

  • Easy to work with and open in communication

  • Flexibility and the willingness to learn new practices

Value Impact For Our Client

1. Improved Cyber Oversight: Improved proactive monitoring of cyber risk

2. Actionable Cyber Impact Visibility: Increased and actionable cyber risk awareness

3. Enhanced Governance: Better governance practices for cyber risk


We’re grateful for the opportunity
