EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Explore our Offerings
-
Discover how EY's cybersecurity, strategy, risk, compliance & resilience teams can help your organization with its current cyber risk posture and capabilities.
Read more -
Discover how EY can help the banking & capital markets, insurance, wealth & asset management and private equity sectors tackle the challenges of risk management.
Read more -
Discover how EY's data protection and privacy team can help your organization protect its information over the full data lifecycle.
Read more
Effective board leadership on cybersecurity: supporting CROs in managing risk
CROs and board members must work together to lead and govern effective cyber risk management. Specifically, boards must support CROs — and the entire business — in overseeing critical systems and assets from cyber threats. That process starts with asking the right questions to challenge senior management and business leaders to drive accountability for current cybersecurity practices and outcomes.
Beyond the questions already outlined, directors may also ask:
- Is the board hearing from the CRO and CISO often enough?
- How can the board stay attuned to unanticipated risks?
- Does the board have the data and tools it needs to understand and monitor vulnerability?
- What are the most credible sources of information on the latest cyber threats?
- How is the organization positioned to comply with new regulation relative to cybersecurity?
About the survey
The global EY organization, in conjunction with the IIF, surveyed CROs or other senior risk executives from 88 banks in 30 countries around the world from June 2022 through October 2022. Participants were interviewed, completed a survey or both. Participating banks were headquartered in Asia-Pacific (11%), Europe (16%), Latin America (18%), the Middle East and Africa (19%), and North America (36%), and 14% were G-SIBs.