Introduction: Information security – no longer just a technical matter
In the digital age, information security and cyber are not just a technological challenge but a strategic issue at the core of organizational management.
Board members, who are responsible for managing risks at the top level, are now required to understand the implications of cyber threats and make informed decisions to protect assets, business reputation, and customers.
This is especially true now, as regulation tightens: Amendment 13 to the Privacy Protection Law, expected to come into effect in October 2025, sharpens the personal responsibility of board members and requires a rethinking of the organization's oversight mechanisms.
The need for an information security expert – why now?
In the past, information security was seen as the responsibility of the IT department or cyber personnel.
Today, it is at the core of the responsibility of senior management.
❗ A lack of understanding on the part of board members may lead to serious incidents: information leaks, system outages, damage to reputation, and even personal lawsuits against board members.
Regular professional support by an information security expert gives the board of directors control, transparency, and a true understanding of the organizational risk picture.
How does an information security specialist contribute to the board of directors?
✔️ Mapping cyber risks relevant to the organization – including understanding the vulnerabilities in the industry and critical systems.
✔️ Compliance with mandatory regulations and standards – Privacy Protection Law (including Amendment 13), ISO 27001, GDPR, and more.
✔️ Informed and data-based decision-making – threat analysis, risk management and reports to management.
✔️ Planning a response to cyber incidents – simulations, management and board exercises, improving preparedness.
✔️ Implementing cyber as part of the business strategy – from a perspective of “security enables growth”, not “impedes innovation”.
Amendment 13 – what does it actually mean for the board of directors?
Amendment 13 requires the organization to comply with a series of information security requirements, but it also places direct responsibility on the board of directors in all matters related to overseeing actual implementation.
What is required?
🔹 Appointment of an information security officer in the organization
🔹 Reporting to the Privacy Protection Authority about serious incidents
🔹 Ongoing supervision by the board of directors over the implementation of regulations and procedures
🔹 Administrative and legal liability in the event of material omissions
⚠️ This means: Non-compliance is not just an image problem – it can also constitute a management failure with legal consequences.
Conclusion: Professional guidance is a must – not a luxury
In a world where cyber is a strategic threat to the stability of the organization, a board of directors that operates without an information security expert is acting irresponsibly from a business standpoint.
✅ Professional guidance provides the board of directors with tools for risk management
✅ Enables compliance with the law and a sense of security in the face of regulation
✅ Contributes to protecting the organizational reputation and continuing operations
✅ And most importantly – reduces the personal exposure of board members
The future is here. The question is – is your board ready for it?
✍️ By: Idan Tzabari,
an information security and IT strategy expert
who assists management and boards of directors in defining cyber policy, regulatory compliance, and managing both business and technological risks.
Cybersecurity & IT – Two Worlds, One Solution