Among the tangible action items suggested in PwC’s “The board’s role in overseeing cybersecurity” is regular management reporting to the board. The report suggests supporting this reporting with an annual cyber calendar (p. 13), consistent with the annual board and committee calendars corporate secretaries typically develop to organize other required activities, and with a cyber dashboard or scorecard (illustrated on p. 6) that helps the board understand and evaluate current risks, monitor trends, and track the company’s progress against specific metrics.
According to the report, suggested areas of board reporting include:

Boards are advised to consider actions in four areas to facilitate effective oversight, including integrating cybersecurity considerations into the company’s strategic decision-making and corporate culture and reevaluating the board oversight structure. Each suggested area of oversight is accompanied by relevant benchmarking and suggested “next step” action items.