Author: Jessica Meek
Boards may need to step up their cyber expertise to deal with growing cyber threats
Lack of experience and expertise in technical matters may be intimidating boards trying to deal with the growing cyber threat, Carolyn DuChene, deputy comptroller for operational risk at the Office of the Comptroller of the Currency (OCC), warns.
The technical jargon that boards may be facing when trying to understand the cyber threat could stand in the way of decision making, she says. “We have to make sure boards understand the risks, which means getting information up to the right level in a manner in which they understand it and in a manner that means they have confidence to take action. And one of the hurdles for that has been intimidation, because it’s just overwhelming. Board members that don’t have a great depth of experience and expertise in such things as highly technical jargon may find it intimidating.”
As a result, DuChene says that technical language and concepts have to be translated so that board members can understand IT information in a risk capacity. “They want to be able to understand what it will prevent them from doing and where they may have less confidence about something from a risk perspective. They also want to know where they may need to make additional adjustments; so it’s very important that they understand fully the cyber threat.”