It is a risk manager's job "to help leadership find the balance between risk that enables business and risk that lies beyond an organization's tolerance," writes Tony Martin-Vegue, a board member of the Society of Information Risk Analysts and co-chair of the San Francisco chapter of the FAIR Institute. Martin-Vegue uses a baseball analogy—hitting the ball on the "sweet spot" of the bat.
Cybersecurity has become a shared responsibility in enterprises, from the C-suite on down, writes Arcserve executive Richard Massey. Massey covers three areas in which governance could be improved, urging CEOs to make "data security a key point of discussion and engagement in meetings with the entire C-suite, investors, board and partners."
It's time for a partnership of chief data officers and chief information security officers to "develop data governance strategies that bolster innovation while minimizing risk," writes Elizabeth Mixson. "CISOs can help CDOs strengthen security controls for sensitive data such as personally identifiable information (PII) while also increasing access to other, more valuable types of data," Mixson writes.
"Innovative life-saving technology must work together with innovative security solutions" in health care governance, writes Mike Elgan. The role of the chief information security officer "needs to be baked in to all other changes," Elgan notes.
The pandemic has put an increased spotlight on cybersecurity, prompting the World Economic Forum to release new principles for board governance on the subject. The WEF envisions a "cohesive, global, cross-border approach to cyber risk governance," with the report as the first step.
Almost a quarter of auditors surveyed for the Institute of Internal Auditors' Internal Audit Foundation plan to use cloud-based governance software this year. Auditors will "get to equal footing with other functions within their organization who have already made the move to cloud-based solutions," says John Reese of software-maker AuditBoard.
With environmental, social and governance issues rising in prominence, "ensuring best practice and compliance at an early stage will reap benefits," write James Whitaker and Sam Eastwood of law firm Mayer Brown. "Ultimately, these are, or should be, board-level concerns; responsibility for companies' performance, including by reference to ESG issues, lies with the board," they write.