Security Questions Your Company’s Board Members Will Ask

With the increased number of cyber attacks, companies are becoming more aware and focusing on their security programs. The board members of the company are having discussions with risk and security management leaders. It is highly unlikely that they will ask simple questions about cyber security rather they will be more specific in their probing.

Read more
Get ₹5 Cr Cover at just ₹4,60,000*
₹5 crore cover for only ₹2 lakh*

Expert Advice

Buy Right

Instant Policy

Quick & Hassle free

Dedicated Team

Speedy Claims

*Premium varies on the basis of Occupancy, Business Activity & Coverage Type

Please share some basic details

Step 1/2
Are you buying the policy for?
Or Contact us on: 1800-309-0988
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms Of Use

*Premium varies on the basis of Occupancy, Business Activity & Coverage Type

Just a step away from the quotes
Step 2/2
Are you buying Cyber Insurance policy for the first time?
Or Contact us on: 1800-572-3918
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms of Use

Things Board Members Care About

Apart from individual growth in the company, the board cares about majorly three things.

  • Cost: Avoid any future costs along with decrement in operating expenses.
  • Revenue/ Mission: Enhancing non-revenue mission objectives.
  • Risks: Market, financial, innovation, regulatory compliance & security.

Here are some of those questions that board members would ask.

Question-Related to Incident

Questions: What went wrong? How did this happen? I thought you had this under your control, etc.

The board members ask these questions when they get to know about the cyber breach or while the chief information security officer is telling them about the incident. It seems relevant when board members ask these kind of questions specifically about securing the online data of the organization since a large portion of employees is working remotely.

Now, you can tell them about the severity of the incident and state the facts. Tell them what you know and what will you do to resolve the issue. Acknowledge the incident and tell them about the impact it would cause on the business and what are your plans.

However, the security leader will be responsible for the oversight of the risk and security but make sure to define the accountability at the board/executive level.

Question-Related to Trade-off

Question: Are you sure that we are 100% secure?

This kind of question usually come up from the board members who do not understand the security and its impact on the business. Since it is impossible to be totally protected, it will be your responsibility to identify the risk and tell them about the resources that will be used to manage the issue based on business appetite.

You can respond to these questions like “Considering the nature of the threat, it is not possible to get rid of all the sources of risk. I will implement controls to manage the issue. As the business grows, we will have to repeat the reevaluation to understand how much risk would be fine.”

Landscape Question

Questions: How bad it is? How are we performing compared to others?

The company’s board members go through articles, threat reports, blogs and regulatory pressure to learn about the risks. That is why they always ask about how other companies are doing compared to their company.

You can answer like “ I would not hypothesize on the what other company is doing without getting enough information but I’ll let you know as soon as I get enough information.” You can discuss the broader security responses such as recognizing similar weak spots and how are you doing compared to them.

Risk Related Question

Question: Are we aware of the risks that we can take?

The board members know that accepting risk is a choice and if they don’t then it is your responsibility to let them know about it. They would want to know the expected risks of the company are being controlled and you should tell them the tolerance of the company.

Tell the board members about the impact on business due to risk management decisions and make sure to have proper evidence to back it up. The next part would be crucial as the board members take their decisions after knowing the risk tolerance. Since any risk beyond tolerance needs treatment to bring it within the safe zone. Having said that, this does not require any changes in a short period so beware of overreacting.

Question-Related to Performance

Question: Question-related to expenditure. Whether the company is spending enough on resources or if the company is spending too much.

The board members ask these questions because they want to know if the Security & Risk Management Leaders are working properly and they want reassurance about the Return of investment and Metrics.

You can take the approach and use a balanced scorecard that is based on a traffic-light mechanism. Make sure to tell them about the performance of the organization against business aspirations. Also, explain the aspiration according to the business performance and not technology.

Use of Cyber Insurance

Everything is done online now a days and with the increase in the usage of the internet, the number of cyber threats have also increased. Since every company whether a startup or an established one, all of them are prone to cyber threats. This is why it is vital for organizations to protect their online data with cyber insurance policies because cyber threats are inevitable.


These were some of the security questions that board members ask and you can respond to them accordingly. Even though organizations use the best anti-malware available in the market but the hackers are also getting better and better every day.

Written By: PolicyBazaar - Updated: 06 May 2022

Cyber insurance articles

Recent Articles
Popular Articles
Huge Market Potential for Cyber Insurance

19 Jul 2022

An online survey conducted by Policybazaar on National Insurance...
Read more
Ways to Maximize Cyber Flexibility to Support Hybrid Work

16 Jun 2022

If you are an employee then you must be aware of the hybrid...
Read more
What are the Key Metrics for Measuring Cybersecurity?

13 Jun 2022

With cyber-attacks constantly evolving, it only makes sense that...
Read more
Cyber Insurance War Exclusions

08 Jun 2022

Recently we have seen the Russia-Ukraine conflict and many...
Read more
Biggest Cyber Security Threats 2022

26 May 2022

Undoubtedly, there have been endless benefits to the internet...
Read more
Biggest Cyber Breaches in India
We live in the digital era. Now, almost everything is possible online as every other organization is going digital...
Read more
Impact of Cyber-Attacks On Insurance Industry
The cyber risks have increased after the outbreak of Covid-19. One of the main reasons behind the increment in...
Read more
What are the Key Metrics for Measuring Cybersecurity?
With cyber-attacks constantly evolving, it only makes sense that cybersecurity measures are constantly assessed...
Read more
8 Ways to Enhance Retail Store Security
Every shop owner must put in extra efforts to make their retail store as safe as possible. To create a secure...
Read more
Cyber Security for Retail: Threats & How To Avoid Them?
With the increased usage of the Internet, the number of cyberattacks has increased as well. Since retail shops...
Read more