As a board member in today’s digital economy, what should you be thinking about? Cyber security, for sure.

Cyber risks are evolving and can impact every area of your operations. These risks change almost daily and can relate to complicated technology issues. When it comes to managing risk, the rapid rate at which technology is changing and the growing cyber risks leave board members in a difficult position.

Here are a few suggestions to help you mitigate cyber risk and achieve greater transparency into your cyber operations:

Seek Assurance of Cyber Controls

In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck to identify and mitigate cyber risks. To guide you, the AICPA just recently issued its much-awaited standard on cyber security. The “Cyber SOC” allows CPAs to audit a company’s cyber security. This fundamentally changes how cyber threats are evaluated and managed, enabling an independent, objective look at an organization’s processes, policies and controls around cyber risks.

The Cyber SOC also provides an opportunity for you to assure your customers that you are providing a secure cyber environment—providing comfort to customers in any business. This is a huge win because customers are increasingly wary of cyber attacks and are looking for companies that take the growing threat seriously.

The Cyber SOC is even instrumental in ensuring the robustness of internal controls and processes related to cyber risks.
You can use the framework to perform a benchmark readiness assessment, which compares your organization’s current cyber control framework against the established Cyber SOC control objectives. This benchmarking allows you to confidently identify gaps in your cyber control environment that can then be remediated. It’s easy to imagine a Board requesting a Cyber SOC readiness assessment and then monitoring progress against the gap analysis on a quarterly basis. You can read more about the new Cyber SOC here.

Ask the Right Questions

Astute board members are asking questions about cyber risks, in part driven by their own learning and in part by their external auditor’s questions. For public companies, the PCAOB has started asking questions to audit firms regarding their evaluation of the company’s cyber position. Right now, these are just questions. In the near future, it’s entirely possible that cyber risks will be included as part of the 10-K. In fact, there is legislation in the House now that would require cyber to be included in SOX certifications and testing. Once the trigger has been pulled, the PCAOB will require auditors to perform detailed testing around cyber risks and controls.

In the current environment, boards need to continue to ask questions around cyber. Here are some questions you should consider asking:

What kind of information do you have that is private?
How often do you conduct penetration testing and what type of penetration testing do you conduct?
Have you been hacked or had any security issues?
When was the last time your security policies and controls were reviewed?
Have there been significant changes in the business or IT, or are changes anticipated in the near future?

Asking the right questions is vital because they can lead to the effective actions necessary to secure your organization.
Understanding your policies and procedures around cybersecurity is a must. It’s important not only to understand what policies you have, but also to independently evaluate those policies and controls to ensure your approach appropriately mitigates your cyber risks.

As a board member in today’s world, cyber risk should be top of mind. By anticipating the growing concerns and growing cyber threats, board members should start taking steps to manage cyber risks and help their business jump ahead of the competition by being first to market with cyber resilience that makes the company more distinctive as a trusted partner.