The ransomware threat posed by organized crime groups is considerable, and its impact can be devastating and threaten the entire business. This makes it imperative for boards to ensure the company has taken necessary cybersecurity precautions to resist the threat. Additionally, executives have seen the value of efficient infosec firsthand over the last eighteen months. The efforts security teams have made to keep businesses safely functioning during a global pandemic have been impressive, if not heroic.

Regardless of why the C-level is focusing on IT infrastructure and strategy, this interest presents an opportunity for security teams. I know this is true because over the last few years F-Secure’s board has been refining how we cooperate to make better decisions about our security posture and risk appetite.

At the core of this process has been the creation of questions we use to make the best use of our time together. When approached holistically and answered honestly, these queries allow us to understand if we are focused on the right things, whether we are achieving our goals, and where our gaps are.

Since we would have benefited by having a list to start with, we’re sharing five of ours now to help other organizations.

Start with the easier ones

Here are the first three questions that I expect board members to ask me whenever they get a chance:

  • What are the key threats against your top assets?
  • How do you protect your assets from cybersecurity threats?
  • Whose responsibility is it to implement protections?

Questions that help CISOs and boards have each other’s back

Chief Information Security Officer