Close this search box.
Close this search box.

Incident Management: What the Board Needs to Know  

Imagine an incident occurs at a competitor, resulting in an immediate decline in market cap and an increase in regulatory focus on your industry.

risk management

How long before your board members read up on the incident and call you to ask “just a few questions”? How long before you need to call your security, risk or IT chief and ask how prepared your organization is to respond to a similar incident?

Being prepared with the answer before you get the call (likely as you’re sitting down to dinner on Friday night) can build confidence with your leadership team, make your next review go smoother, and help protect your organization from future incidents.

“A well thought out plan, based on industry standards and then well communicated to the organization, offers the best path to resolving the incident.”

There are numerous frameworks, compliance requirements, and industry practices that provide guidance on what an incident response process should include. For example, the Federal Information Security Management Act (FISMA) provides requirements on numerous topics for government agencies and those working with government agencies. These requirements are largely in line with guidelines from the National Institute of Standards and Technology (NIST). Such requirements and guidelines can be a good place to start with your plan, and you’ll want to add industry specific guidelines as well as any internal requirements that already exist in your organization.

Does your board know what NIST or FISMA suggest you should do? Board members will most definitely care when considering the expenses of hiring outside counsel and consultants to prepare before a government agency arrives to ask “just a few questions”.

In a succinct manner, you will need to demonstrate that your approach to incident management:

  • Upholds industry accepted practices.
  • Exceeds regulatory requirements.
  • Is better handled than that of the competition.
  • Aligns across the organization.

Implementing an industry standard methodology for incident response is an absolute necessity, regardless of the size or complexity of your organization. Simply “having a plan” won’t meet the expectations of board members, as they likely are unfamiliar with FISMA and NIST. Miscommunication and misalignment of both board and C-level views on defining, managing, and remediating incidents will add to confusion, stress, and could increase your company’s exposure.

A well thought out plan, based on industry standards and then well communicated to the organization, offers the best path to resolving the incident. You should know the answer to the question “what does incident management mean to our board members?” You also need to ensure that management knows what to do when an incident occurs. If your only opportunity to address the group is at a board meeting, you probably know that time allotted to topics during board meetings is always at a premium, and there are numerous agenda items competing for the time not already allocated. That makes it all the more important to clearly and concisely communicate and align expectations.

If an incident does occur, be ready for questions like “What caused the incident? Were we aware of the risks?What actions will be taken to prevent it from happening again?” This is where a governance, risk management and compliance (GRC) platform can shine, by correlating data points and reporting facts clearly and concisely to stakeholders. Your GRC platform will not only help you create and communicate your plan, but also help you prepare for the next questions your  board are likely to ask, by allowing you to capture the relationship of the underlying data points for causation, mitigation, and remediation and easily present them.

Answering a few questions posed by the rest of the C-suite and the board doesn’t get you off the phone. But anticipating the subsequent questions and having the data to back up your answers readily available, that may just get you back to dinner before it gets cold.


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.