The interconnected and enterprise-wide nature of cyber risk creates a complex lens through which boards must view cyber security, cyber risk management, board governance and regulatory compliance. It is a risk that touches all aspects of an organisation's financial statements: wherever data is created, stored or consumed, cyber risk must be evaluated and its impact attested by the board.
The EU NIS 2.0 and DORA regulations, released in 2022, require board members of covered entities to undertake regular cybersecurity risk management education and to demonstrate their experience in the oversight and assurance of cyber risks. The 2022 Securities and Exchange Commission (SEC) proposal on cybersecurity risk management, strategy, governance and incident disclosure requires boards to report their cybersecurity knowledge and experience to the SEC and to undergo regular cybersecurity education. Australian regulators expect boards to have suitable skills to effectively challenge the cybersecurity of their organisations.