Cyber Oversight Effectiveness Development

October 2021

Nearly every large public company has made significant investments in cybersecurity. But even where internal management of cyber risk appears strong, a board may worry that its oversight of digital security is inadequate—or that it has no reliable way to assess its adequacy or to compare its capabilities with other firms.

A new framework, Cyber Oversight Effectiveness Development (COED) addresses these gaps and aims at helping boards become more resilient and adaptive. It is predicated on the belief that cyber risk often requires fundamentally different treatment than other risks, such as health and safety or fraud.

Using the COED Framework will increase board members’ individual and collective self-awareness, moving from an emergency “ad hoc” posture (where the board has little choice but to accept management’s guidance regarding the threat landscape and the questions the board asks about it) toward a stance that is both proactive and resilient. Getting the most out of the COED Framework will require time, resources, and energy, but the payoff will be greater readiness for digital transformation and value creation that goes beyond the important goal of protecting the company from cyber criminals.

For those firms that decide to invest further, the COED framework provides a multi-step process to help gain a deeper understanding of their organizations’ current capabilities, how they differ from those of others, and where they need to aim.

To learn more about the Cyber Oversight Effectiveness Development Framework — including a case study of how this process might play out — read the full report.