Tackling cybersecurity regulatory compliance in the boardroom
This edition of the Diligent Minute, written by Dottie Schindlinger, Executive Director, Diligent Institute, focuses on the challenges and opportunities posed by an evolving regulatory environment.
Staying ahead of ever-evolving cybersecurity and data privacy regulations is becoming increasingly challenging for business leaders.
The August Director Confidence Index, conducted by the Diligent Institute and Corporate Board Member, revealed that 68% of surveyed U.S. public company directors view cybersecurity and data privacy as the most difficult areas of regulatory compliance. Elsewhere around the world, the NIS2 Directive and EU AI Act are adding more pressure for companies and their leaders to keep pace with an increasingly complex regulatory landscape.
For a C-suite and board trying to foster an organizational environment that accelerates growth and minimizes risk — while staying on the right side of changing cyber and data regulations — it’s imperative to incorporate regulatory compliance into their strategic plans.
Here are a few ways to do that:
Use technology to deepen understanding of regulatory changes
Acting as fiduciary stewards of their organizations means it’s essential for boards to continuously deepen their understanding of the regulatory environment. As regulations change, so too must the board’s expertise.
Yet, as directors pointed out in the Confidence Index, this can, understandably, feel like a Herculean task. Directors need tools that help them see what’s changed in terms of regulations, where their organizations are in danger of noncompliance, and the disclosures they need to make in order to satisfy regulator and shareholder demands.
Demand the data that informs strategic decisions — and ignore the noise
Incomplete, insufficient or just plain incorrect data can be as dangerous to boards as no data. Boards are in a unique position to ask for the data they need to help them comply with shifting regulations and to make fully informed decisions.
Governance, risk and compliance (GRC) platforms that are purpose-built to ensure boards have access to accurate and complete data are vital for identifying and responding to compliance issues. But this data can't be delivered as endless spreadsheets or files that directors must sift through. The tool must surface the signal in the noise, presenting the key data intuitively for the board. The board's language is materiality, and the data should be presented in those terms as well.
Never stop learning
Boards are, in many ways, at the top of the corporate ladder. But a career of accomplishments is no excuse to stop learning. As regulations change, cultures shift and new risks and technologies emerge, boards are responsible for staying on top of it all.
Regular completion of board-specific educational programs is a must for today's directors. These programs are a key way to maintain effective oversight of issues as wide-ranging as climate risk, AI ethics, cybersecurity, executive compensation and general governance best practices. Just as doctors, lawyers and other professionals keep their knowledge current with continuing education, so too should board members.
Utilize a comprehensive GRC platform
A comprehensive GRC platform can be instrumental for boards striving to keep up with regulatory volatility and data overload (or its antithesis, a dearth of data). By centralizing governance, risk, compliance, audit and ESG activities, and integrating with dozens of other financial and operational data sources, a holistic, AI-powered GRC platform provides detailed insights about what's happening within and outside an organization, and lets directors see the data they need, when they need it. The platform tracks regulatory changes, while helping practitioners streamline and automate their compliance workflows and implement continuous monitoring. It also alerts leaders to potential red flags and high-risk areas before they become actual crises. AI-driven insights help clarify complex data, enabling boards to make timely and accurate decisions.
To see more of the insights from the Director Confidence Index survey, check out this article.
Team Lead, Senior Cybersecurity Policy & GRC Officer at Gunnison for the USHHS
ESG in Cybersecurity? Please explain.
Executive Fellow at Kings Business School, KCL
Good article. A starting point is to have digitally savvy management and board of directors. This means education with a commonly shared set of words and definitions (lexicon) plus a few commonly shared simple frameworks (2x2 matrix, pyramids and 3x3 ERM heat maps).
CFO
Interesting article. Tackling cybersecurity regulatory compliance in the boardroom is a critical issue for many organizations, as it involves aligning IT and security strategies with legal requirements and industry standards.
Cybersecurity Executive | MBA | CISSP
Very helpful. Would be interested to see similar articles about your IT Compliance, IT Risk, and compliance automation capabilities.