Cybersecurity is no longer just a technical matter; it has become a central topic of corporate governance and risk management. Cyber-attacks are increasing at an alarming rate: the World Economic Forum reports a more than 50% rise in attacks over the past two years. This rise in cybercrime is projected to cost the global economy $10.5 trillion in 2025, while the industry meanwhile faces a shortage of cybersecurity professionals. These figures can be seen as "just statistics", but they are more than that: they represent real threats to businesses, implying financial loss, operational disruption, reputational damage, and personal liability for board members.

For leadership teams, cybersecurity must be treated as a board-level priority. This means establishing clear accountability, allocating adequate resources, and implementing effective prevention and remediation strategies. Boards must ensure that cybersecurity is embedded into the company’s governance framework and risk management processes. 

1. The Dual Role of Artificial Intelligence

Artificial Intelligence (AI) is transforming the cybersecurity landscape. On one hand, cybercriminals are using AI to scale social engineering and fraud operations. On the other hand, companies implementing AI systems may inadvertently introduce new vulnerabilities that criminals can exploit. 

However, AI also offers powerful defensive capabilities and business opportunities. It can analyze vast datasets, detect anomalies, reduce response times, and identify novel attack patterns. These benefits come with risks that must be managed through proper oversight and technical controls.

 

2. Risks of AI in Cybersecurity

While AI can enhance cybersecurity resilience, it introduces several risks that executives must address: personal data leaks and misuse (processing sensitive personal data requires robust governance model adaptations and access controls), IT system integrity (AI implementation may create new vulnerabilities, necessitating thorough technical due diligence and remediation), and increased complexity (effective deployment of AI requires professionals trained in both cybersecurity and AI risk management).

Leadership must treat these risks strategically, assess use cases, establish guardrails, and ensure that AI deployment is secure and compliant. 

3. Navigating the Legal Frameworks

In the European Union, several regulatory instruments were put in place to govern the use of AI in cybersecurity: 

  • AI Act: Organizations must classify AI systems within the Act’s risk-based framework. High-risk systems must meet stringent requirements for data quality, robustness, and cybersecurity. 

  • NIS 2 Directive: Entities in critical sectors must assess cybersecurity in their AI supply chains and report vulnerabilities to national authorities. 

  • DORA Regulation: Financial entities must ensure AI tools are adequate for identified risks and conduct due diligence on third-party providers. 

  • GDPR: AI systems processing personal data must comply with principles of transparency, lawfulness, and data protection, including rules on automated decision-making. 

 

4. Management Responsibilities

AI-related cyber risks require a holistic approach that integrates strategy, governance, people, processes, and technology. Management should take a cautious approach to AI adoption, performing risk assessments and supplier due diligence. AI implementation must come with tailored technical and organizational measures, including access management and data governance. Companies should invest in cybersecurity resources and training to build internal capabilities and ensure a culture of cyber-awareness and accountability across the organization. It is the duty of the board and management to stay informed about evolving regulations and best practices, ensuring regular updates and training.
 

By taking these steps, companies can protect their operations, fulfill legal obligations, and maintain trust with customers, regulators, and partners. AI offers immense potential in cybersecurity, but its deployment must be strategic, secure, and compliant.