Why Are Security Vendors So Obsessed with Board Attention?

The Board needs to take an elevated view on cybersecurity, looking for cross-functional governance matters beyond the mere technical horizon

As I was looking back at the role of the Board around cybersecurity oversight in the context of this recent report from Diligent and BitSight, I was shocked to see the number of vendor-led or vendor-sponsored articles I was coming across, and the shallow nature of their argument.

At high level, all revolved around the same logic:

• Cyber-attacks can take your business down.
• Therefore, cybersecurity needs to be on the Board’s agenda.
• My product is key to preventing cyber-attacks.
• Therefore, the problem it solves needs to be raised at Board level.

This is flawed at a number of levels and simplistic in its views of the way corporate governance operates.

First of all, I don’t think it makes sense anymore to remind Board members of the relevance of cyber-attacks and their potential impact on business. The non-stop avalanche of security breaches we have been witnessing over the past decade across all industry sectors has opened their eyes on the…