Resource Aims to Help Boards with Cybersecurity Oversight
A report from The Directors and Chief Risk Officers Group (DCRO) provides boards with guiding principles to enable the implementation of an effective cybersecurity program. According to the DCRO, which was formed in 2008 to focus on the top-level governance of risk in practice, a director should understand the full range of cyber risks facing his or her company and encourage management to develop appropriate strategies tailored to the company’s operating environment, risk profile, and long-term goals. The guiding principles urge directors to view cybersecurity as an important element of enterprise risk that they must oversee and to hold management accountable for recommending and implementing the overall cyber risk management strategy and policies, among other things. The principles also discuss managing cybersecurity within three lines of defense, understanding the company’s exposure to third-party vendors, and developing a corporate culture that places a high value on cybersecurity. The principles are not targeted specifically to mutual fund boards and do not contemplate SEC guidance, but they could be helpful to boards’ discussions of cybersecurity policies and procedures.