Before they even get into the oversight, the participants are presented with the issues and the key elements they should be able to talk about. "They have to be able to ask the right questions to address cyber risk as they would geopolitical issues or fraud," Gleason said.
Many companies make the mistake of thinking they have nothing of value to anyone else. "They don't know what a criminal is after. A hacker might not get customer data, but he can go after their marketing information. People don’t realize the information they have that may be of value," Gleason said.
The CERT program offers a baseline understanding of key issues in cybersecurity to help directors better understand the security systems they need to put in place which will allow them to provide more effective oversight on how to prepare for incidents as well as the responses they should expect should a breach occur.
"It’s not a question of whether they’ve been hacked. They have. It's whether they know it or not. The bad guys are already in their system. Every company is vulnerable," Gleason said.
Recognizing this reality has created a market demand for programs like this that are directly geared toward board members who are hungry to understand more about cyber as a business risk.
"The circumstances over the last three to four years have raised awareness. As companies have watched their peers go through breaches, they all recognize that their understanding of cyber is not where it needs to be," said Gleason.
Sign up for CIO Asia eNewsletters.