Insights
We are proud to be named a West Coast Regional Leader for 2024
Governing cybersecurity requires understanding your enterprise's digital systems
ARTICLE | September 19, 2024
Authored by RSM US LLP
Digital systems are foundational in today’s business environment and can provide competitive advantages when properly used. However, their failure can also damage companies and disrupt society. Digital system complexity and related cybersecurity challenges are only growing with the addition of artificial intelligence (AI) to the business landscape. Digital systems are here to stay, and they are challenging for boards and management teams to govern and manage.
Taking on these challenges begins with the board and management team developing a shared understanding of the systems that make up every enterprise. The “enterprise as a system” (EAS) consists of the web of components necessary for a business to function: information technology tools (applications, servers, databases, hosted solutions); physical elements; and the people who utilize them. Boards and management teams need a business-level understanding, not technical knowledge, of how these systems work and interact across the enterprise, achievable through three essential actions:
1) Organize the board and management team for optimal governance and management.
2) Educate the board, management and employees about the EAS and its related cyber risk.
3) Foster a culture in which all stakeholders share responsibility for cybersecurity.
This is the second of four articles that explore each of these elements and how they work in concert to align board directors and managers on addressing digital risks to their business. The “organize” element was addressed in a previous article: Governing cybersecurity means revamping your organization and processes. This article addresses the “education” element.
EAS ‘education’: Contextualizing digital risk as a systemic risk
Typical cybersecurity reporting to the board and C-suite deals with areas such as compliance, penetration testing, heat maps and dashboards. Although impressive and important, this information can be overly technical and lack context—providing it to board members is like showing them the instruments in the cockpit of a jumbo jet and then asking them to strap in and fly.
Ultimately, important cybersecurity indicators without context have limited value for board governance. In addition, cybersecurity management teams often lack the enterprise-wide perspective of experienced board members, a perspective important for dealing with enterprise-wide risk.
For these reasons, boards and management teams must meet in the middle to develop a shared understanding of the systemic risk that digital risk poses to the enterprise.
Key actions for boards
Bringing it together
Understanding how digital systems work and interact is table stakes for effectively governing and managing in today’s business environment. The steps outlined in this article prepare boards and management teams to take advantage of evolving complex digital systems, including AI, while minimizing their risk. Investing the time and resources to educate boards and management teams will result in more resilient enterprises, reduce incident recovery time and optimize cybersecurity spend. Together the “organize” and “education” elements of the EAS set the stage for developing a cybersecurity culture where all stakeholders feel responsibility for protecting the enterprise against cyberattacks. There are no check-the-box solutions for digital risk.
Let's Talk!
Call us at +1 213.873.1700, email us at solutions@vasquezcpa.com or fill out the form below and we'll contact you to discuss your specific situation.
This article was written by Rod Hackman, Robert Snodgrass and originally appeared on 2024-09-19. Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/services/risk-fraud-cybersecurity/governing-cybersecurity-understanding-your-digital-systems.html
RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.
Vasquez + Company LLP has over 50 years of experience in performing audit, tax, accounting, and consulting services for all types of nonprofit organizations, governmental entities, and private companies. We are the largest minority-controlled accounting firm in the United States and the only one to have global operations and certified as MBE with the Supplier Clearinghouse for the Utility Supplier Diversity Program of the California Public Utilities Commission.
For more information on how Vasquez can assist you, please email solutions@vasquezcpa.com or call +1.213.873.1700.
Subscribe to receive important updates from our Insights and Resources.