Cyber events are now among the top three triggers for derivative actions against directors and officers. To rebut those claims, boards need CISOs to provide them with useful metrics and benchmarks that demonstrate an understanding of the exposure the company faces and how it mitigated risk. This is cyber resiliency, explains Cyber Innovative Technologies CEO Ariel Evans in this guest article. Evans details questions the board should be able to answer and the underlying metrics to support those answers, with instructions for calculations and examples of how they can play out in the context of ransomware strategy, vendor risk and budgeting. See also “Privacy Officers Share Best Practices for Reporting to the Board” (Jul. 24, 2019).