{"id":212730,"date":"2026-02-12T13:37:00","date_gmt":"2026-02-12T18:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/12\/why-boards-must-oversee-not-manage-cyber-risk\/"},"modified":"2026-02-12T14:00:10","modified_gmt":"2026-02-12T19:00:10","slug":"why-boards-must-oversee-not-manage-cyber-risk","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/12\/why-boards-must-oversee-not-manage-cyber-risk\/","title":{"rendered":"why boards must oversee, not manage, cyber risk\u00a0"},"content":{"rendered":"<p><a href=\"https:\/\/nypost.com\/contributor-content\/cyber-security-consultant-joseph-steinberg-why-boards-must-oversee-not-manage-cyber-risk\/\">why boards must oversee, not manage, cyber risk\u00a0<\/a><\/p>\n<p><a href=\"https:\/\/nypost.com\/contributor-content\/cyber-security-consultant-joseph-steinberg-why-boards-must-oversee-not-manage-cyber-risk\/\">https:\/\/nypost.com\/contributor-content\/cyber-security-consultant-joseph-steinberg-why-boards-must-oversee-not-manage-cyber-risk\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-12 13:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"nypost.com\">nypost.com<\/a><\/p>\n<p>\t\tNew York Post newsroom and editorial staff were not involved in the creation of this content.\u00a0<\/p>\n<p>Boards face an increasingly urgent question: how should they engage with cybersecurity risk when it represents the single largest threat to most organizations? The answer, according to Joseph Steinberg, lies in understanding a critical distinction that many boards miss entirely. \u201cEvery company really needs somebody on their board today who understands how to oversee the management of cyber risk,\u201d Steinberg explains, \u201cbut, while there are many people who know how to manage cyber risk far fewer know how to oversee the management of cyber risk.\u201d\u00a0<\/p>\n<p>This distinction between management and oversight defines the fundamental difference between boards that provide effective governance and those that inadvertently undermine their CISOs while creating dangerous gaps in organizational security.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>The Critical Difference Between Cyber Security Consultancy and Board Oversight\u00a0<\/strong><\/h2>\n<p>Many players within the cybersecurity consulting industry have conditioned boards to think about cyber risk through the wrong lens. Traditional cyber security consultancy focuses on helping CISOs implement defenses: acquiring, deploying, and configuring security controls, building incident response capabilities, and managing day-to-day security operations. These tasks are components of management\u2014the active work of defending systems and data. Board oversight, by contrast, ensures that CISOs are doing their jobs effectively without the board attempting to do those jobs themselves.\u00a0<\/p>\n<p>\u201cThe difference is whether you\u2019re actively doing it or making sure someone\u2019s doing it the right way,\u201d Steinberg clarifies. This mirrors how boards approach every other major business function. \u201cIt\u2019s the same way that boards don\u2019t manage accounting; they make<\/p>\n<p>sure that the CFO is doing a proper job managing the accounting,\u201d he explains. \u201cIt\u2019s not my job to run the&#8230;<\/p>\n<p><a href=\"https:\/\/nypost.com\/contributor-content\/cyber-security-consultant-joseph-steinberg-why-boards-must-oversee-not-manage-cyber-risk\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>why boards must oversee, not manage, cyber risk\u00a0 https:\/\/nypost.com\/contributor-content\/cyber-security-consultant-joseph-steinberg-why-boards-must-oversee-not-manage-cyber-risk\/ Publish Date: 2026-02-12 13:37:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212731,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2026\/02\/NY-PostPage-Six-3.png?w=1200","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57],"class_list":["post-212730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212730"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212730"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212730\/revisions"}],"predecessor-version":[{"id":212732,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212730\/revisions\/212732"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/212731"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}