Cyber Risk Directors Network
Overseeing cybersecurity risk
Cyber risk presents unique challenges to the world’s largest enterprises. They are often the targets of state-sponsored cyber threats. The economic and political impact of a successful attack on a giant company is disproportionately significant, not only for its direct stakeholders but also for national well-being.
In the largest enterprises, board oversight of cyber risk and cybersecurity must evolve quickly. Directors are keen to learn from their peers about enhancing and improving governance, and about working with the information security and privacy executives in their firms. The scale and scope of the risk are heightened by legacy environments and complex supply chains. Effective response will likely require greater engagement outside of the enterprise, both with other companies and with the public sector.
In the Cyber Risk Director Network (CRDN), Tapestry created a platform for ongoing learning, problem-solving, communication, and policy development aimed at enhancing national cybersecurity. In addition to holding regular meetings, the network collaborated on a new approach for building board capabilities in overseeing cybersecurity risk: Cyber Oversight Effectiveness Development (COED).
COED is designed to help boards develop oversight that is proportional to their exposure to cybersecurity risk, and to compare their cyber oversight capabilities with other firms. It is predicated on the belief that cyber risk often requires fundamentally different treatment than other risks.