Cyber-risk Oversight Handbook for Corporate Boards

Cyber-attacks are the fastest growing, and perhaps most dangerous, threat facing organizations today. Boards of Directors must take a leading role in oversight of the safety of their company’s cyber systems. However, a recent study from the Organization of American States and the  InterAmerican Development Bank found corporate boards in Latin America generally have low or medium levels of maturity related to cybersecurity, with most boards having only a “formative” knowledge on cybersecurity. Consequently, they may lack awareness of how cyber threats might specifically affect their organizations. However, due to the everchanging nature of the threat, boards are seeking a coherent approach to deal with the issue at the board level. In response, the Internet Security Alliance (ISA) and the National Association of Corporate Directors (NACD) created the first Cyber-Risk Oversight Handbook for Corporate Boards in 2014. The handbook proved an immediate success in helping Boards address cyber risk on a global scale.

While many elements of corporate governance in general, and cyber risk oversight in particular, are generalized, there also are unique characteristics that apply to specific countries and regions. The Organization of American States (OAS) and the ISA are working to build on the proven success of the original cyber-risk handbook and adapt it to the unique needs of the Latin American region. This publication is the result of a multistaged process OAS and ISA engaged in with hundreds of stakeholders from corporate boards, government, academia and senior management throughout the region in an effort aid to organizations in protecting themselves from cyber threats.