Risk and Resilience Practice

Boards of directors: The final cybersecurity defence for industrials

A board of directors deals with issues relating to the company, its shareholders, its employees, and the public, but it also helps define objectives, establish major goals, and stay focused on the company’s direction over time.

To that end, board members need to understand the organization’s landscape.



The board of directors plays a multifaceted role within a company, addressing issues spanning from internal operations to external stakeholder relations.

In today’s digital age, with cyberthreats on the rise due to increased technology adoption, boards play a critical role in guiding organizations to remain secure. To do so effectively, board members must grasp the organization’s digital landscape, enabling informed decisions to protect against evolving cyber risks.

A board member does not need to have specific knowledge about cybersecurity to add value. Instead, they need to test and ask the cyber team about potential business impacts.

The Risk & Resilience Practice report for boards of directors offers a sneak peek into the advice the board is receiving and equips CISOs and security teams with the necessary information to prepare for more effective conversations with the leadership team regarding the organization’s cybersecurity posture.

It enables CISOs and security teams to confidently address challenging inquiries from board members as they transition from traditional basic training to more role-based, tailored, adaptive security awareness training to achieve real active engagement and high completion rates.

The board is the last line of defense in ensuring such initiatives get planned and funded, and therefore sets a high standard for cybersecurity.


Risk & Resilience Practice
Boards of directors: The final cybersecurity defense for industrials.

by Ayman Al Issa, Jim Boehm, and Mahir Nayfeh


Report Highlights: 

  1. Rising Cyber Threats: With technology advancements, cyberattacks are on a steady rise, demanding perpetual vigilance from organizations.

  2. Need for Strategic Security Planning: Beyond reactive measures, a strategic security plan led by boards is vital to navigate sophisticated cyber threats.

  3. Board’s Cyber Oversight: Boards play a pivotal role in shaping cybersecurity strategy and ensuring alignment with organizational goals.

  4. Diverse Attack Surfaces: Digital transformation exposes organizations to varied cyber vulnerabilities across operational technology, cloud, IoT, and AI domains.

  5. Strengthening Defender Capabilities: Despite evolving threats, organizations are bolstering defenses through talent, technology, and collaborative efforts, emphasizing resilience-building initiatives.
