Strategic Cybersecurity Management

Ongoing digitalization demands an even closer intertwinement of business and technology strategies, inevitably bringing information and digital technologies (I/DT) to the board level. Executive and supervisory boards are held accountable for strategy and control. As concerns digitalization, they are responsible both for tapping into digital business opportunities and for having command over the “dark” side of digitalization: cyber risk. The latest legislation has significantly raised compliance demands, going so far as to make boards personally liable for damages caused when cyber risks are taken imprudently or managed recklessly. Yet field evidence indicates that board involvement in cybersecurity planning and control is, in practice, limited to non-existent. Major barriers to board involvement are missing knowledge and understanding, missing practical guidance on how to manage and control cyber risk, and ineffective communication between boards and cybersecurity managers and experts.

Our research addresses the challenges of providing the board with oversight and enabling it to engage actively in what it is ultimately held responsible and liable for: the strategic planning and control of cybersecurity.

Selected publications

  • Teubner, A.; Feller, T.: Informationstechnologie, Governance und Compliance. Für Sie gesurft. In: Wirtschaftsinformatik 50 (2008) 5, pp. 400-407.
  • Teubner, R. A.; Terwey, J.: IT-Risikomanagement im Spiegel aktueller Normen und Standards. In: HMD — Praxis der Wirtschaftsinformatik, 41(2005)244, pp. 95–107.
  • Teubner, R. A.; Terwey, J.: Informations-Risiko-Management: Der Beitrag internationaler Normen und Standards. In: Becker, J. et al. (eds.): Arbeitsberichte des Instituts für Wirtschaftsinformatik Nr. 112. Münster 2005. (29 pp.).