As A Business Leader, You Must Manage Cyber Risk 

Cyber attacks are a key risk for boards and happen more often than people think. Such criminal acts usually make the headlines when they involve large data breaches or significant public disruption. The extensive use of technology in every facet of the business world urgently calls for security solutions that keep corporate networks and user data safe. 

Cyber crime, carried out using tactics such as stealing access credentials and infecting systems with malware, ransomware and phishing, poses a threat to data, processes, systems and customers. Even worse, cyber criminals might initiate a breach and exploit the incident by shorting the shares of their victims. Cyber security is therefore increasingly important for Directors.

Addressing cyber risk is a challenge for nearly any company and its board. Cyber is a complex, technical area with emerging threats occurring almost weekly. Most board members are not cyber experts, yet boards have an obligation to understand and oversee this significant risk. They need active engagement with leadership, access to expertise, and robust information and reporting from management. 

While some companies are keeping pace, many are working to upgrade their infrastructures and can miss key gaps in cyber security. The latest spate of ransomware attacks across large enterprises with deep pockets and public agencies suggests no one is immune. As cyber security is becoming a major focus in many corporate boardrooms, the growing threat of ransomware and systemic risks facing corporations today are making it an even more critical topic. 

Any director seeking to add value to corporate stakeholders should have an appreciation for this growing risk. 

As the US Securities and Exchange Commission (SEC) is about to publish new regulations requiring publicly traded corporations to document their risk mitigation measures and name who on the board is a cyber security lead, we expect all boards will be revisiting the optimal ways to manage cyber risk. Corporate Directors should not wait for final rules from the SEC to start gap analysis on how the corporation is managing cyber risk.

Some steps that can be taken right away:

  • Boards should be talking with management now to make sure there is clarity on current corporate processes and procedures for incident response and for cyber risk mitigation governance. A gap assessment should be conducted to assess the difference between best practices and current corporate practices.
  • All directors should seek to understand and mitigate cyber risk by leveraging expert advice from experienced risk management professionals. External advisors can rapidly evaluate board expertise against the relevant cyber security qualifications and can recommend additional training for the full board or the board-designated cyber expert.
  • Every business is different. The threat to your business needs to be contextualised to be mitigated. For most large complex organisations this will probably mean convening a strategy session with key leaders from across the organisation where the new nature of the threat can be discussed. This leads to the next key recommendation: this needs to be treated as a business issue, not just a security issue.
  • Ensure planning involves business leadership, not just IT and Security. Cyber attacks against the nation’s infrastructure and against infrastructures of other nations where your business or suppliers operate are issues for all leaders, not just cybersecurity and technology leaders. Leaders should examine topics of business resiliency and disaster response with an attitude towards long term business survival and support actions that will enable improved overall business resilience.
  • Many boards will decide to form cyber security committees so a few designated board members can work issues with management outside of board meetings.
  • Monitor execution, especially on actions requiring people to think differently. The cyber threat is so different that it may call for actions many organisations never planned for. For example, organisations may need to rapidly learn to use new “out of band” secure communication systems for executive communications and for communications with staff and all employees.
  • Organisations may even need to revert to manual paper copy interactions with suppliers, banks and other stakeholders. Boards may need to meet and exercise governance without access to online data of any sort. 

Understanding Cyber Security

Above all, a board of directors must understand that cyber security is a dynamic discipline that requires unending monitoring and innovation. Laying the groundwork for reduced risk is essential, but so is the knowledge that risk will always be there. Companies should also assess their existing insurance policies, whether they adequately cover asset value in the event of a breach, and whether dedicated cyber insurance may help further mitigate risk.

No matter the size of your insurance policy, leadership must remain involved and educated in cyber security for the business and prepare policies and procedures in the event of a breach with an eye toward responsibility.

Business leaders need to take action to keep informed of emerging cyber security, geopolitical and technological developments that contribute to systemic risks. We recommend that you check the links below and sign up for Cyber Security Intelligence’s Directors Report series, exclusively available to premium subscribers.

ZScaler, IMD, PWC, Corporate Governance Institute, Dataminr, Oodaloop
