Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
Boards of Directors (BODs) have a unique role in managing cybersecurity: they provide oversight to operational and strategic decisions while executing a fiduciary responsibility to manage cyber-risk. Since organizations cannot count on 100% protection, BODs must ensure their organizations are cyber-resilient, and can recover quickly from cyber incidents. But BOD reporting mechanisms are inadequate for this role. Most of the reporting to BODs are on operational metrics around protection, not cyber-resilience and the business at risk from a cyber incident. This paper suggests a balanced scorecard for cyber resilience (BSCR) for BODs. This theory-building research was informed by surveys and focus groups of cybersecurity leaders and board members. The BSCR gives business context-based insights and metrics on the biggest risks to cybersecurity resilience faced by their organization, and the investments their operational managers have made to mitigate the impact of these risks. Armed with the BSCR, BODs have the information they need for meaningful discussions and evaluation of their organization’s cyber-resiliency.
Recommended Citation
Pearlson, Keri and Prakash, Mridula, "Board Level Balanced Scorecard for Cyber Resilience" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 5.
https://aisel.aisnet.org/hicss-57/os/topics_in_os/5
Board Level Balanced Scorecard for Cyber Resilience
Hilton Hawaiian Village, Honolulu, Hawaii
Boards of Directors (BODs) have a unique role in managing cybersecurity: they provide oversight to operational and strategic decisions while executing a fiduciary responsibility to manage cyber-risk. Since organizations cannot count on 100% protection, BODs must ensure their organizations are cyber-resilient, and can recover quickly from cyber incidents. But BOD reporting mechanisms are inadequate for this role. Most of the reporting to BODs are on operational metrics around protection, not cyber-resilience and the business at risk from a cyber incident. This paper suggests a balanced scorecard for cyber resilience (BSCR) for BODs. This theory-building research was informed by surveys and focus groups of cybersecurity leaders and board members. The BSCR gives business context-based insights and metrics on the biggest risks to cybersecurity resilience faced by their organization, and the investments their operational managers have made to mitigate the impact of these risks. Armed with the BSCR, BODs have the information they need for meaningful discussions and evaluation of their organization’s cyber-resiliency.
https://aisel.aisnet.org/hicss-57/os/topics_in_os/5