Maturity Model for Boards of Directors in Cyber Risk Governance. A Conceptual and Practical Proposal

Abstract

Cyber risk is a novel risk for today’s boards. Addressing the dynamics of this systemic, emerging and disruptive risk requires high-level management bodies to leave the comfort zone of good practices and reports of risk managers, to discomfort their previous knowledge and certainties of corporate risk management and move forward in the conquest of the instability and uncertainty of a more digital and technologically modified society. In this sense, a maturity model for boards of directors in the governance of cyber risk is presented as a conceptual and practical proposal to generate proactive and anticipatory capabilities of its members in the face of unexpected events, allowing them to mobilize and remain in operation, while consolidating key initiatives that generate better and greater experiences in their customers from the reading of their risk appetite, their framework of latent and emerging risks, as well as the design of scenarios, playbooks, simulations and decision-making framework.