Cybersecurity Is A Boardroom Blind Spot

Is cybersecurity on the agenda in your boardroom? In the most recent Cyber Governance Health Check it was found that 33% of boards have ‘clearly set and understood their appetite for cyber-risk’, up 18% from 2014.

However, on average only 54% of boardrooms ‘hear about cybersecurity twice a year’ – or when there is a cybersecurity incident, showing that not everyone thinks this issue is worthy of discussion at this level.

Is Cybersecurity Just a Job for the IT Department?

While large enterprises attract the headlines when it comes to data breaches and the disruptive consequences of a cyber-attack, SMEs are far from exempt. In fact the latest Government Security Breaches survey paints a very different picture with 74% of SMEs reporting a security breach in the last year, and SMEs being specifically targeted by cyber-criminals.

Encouragingly, we’re seeing more interest from directors and senior business leaders registering for our workshops that address SME vulnerabilities and how to develop a cybersecurity strategy to reduce these risks. However, we still come across the mind-set that security is a job for the IT department, not a business-critical factor that needs a top down approach.

A successful cybersecurity strategy needs buy in from the board to ensure that security policies are implemented across the organization; promoting a culture of awareness and prevention. Your IT department can install security measures to protect systems and information, but as the biggest threats to your business are actually your employees, IT security solutions such as firewalls and anti-virus software are not effective on their own.

Instead your IT team, whether internal or outsourced, needs sponsorship from the board. This means a place at the boardroom table and an understanding of how IT and security play an important role in business operations and strategy. Not addressing security issues effectively could cost your business significantly.

As well as considering the expenses to rectify a cyber-attack; but you must also factor in fines from the regulator if you operate in regulated industries, loss of clients, and stiffer fines from the EU under new data protection laws coming into play in 2018.

While larger businesses may be able to swallow the associated costs of a serious data breach or cyber-attack on their businesses, can you?

How to get buy-in from the Board

The first step to developing a robust cybersecurity policy comes when board members understand the implications of an attack. Again, especially for those in regulated industries, non-compliance is extremely serious for both the organization and individuals, where senior managers can no longer say that they were unaware of security risks.

Understanding how a cyber-attack can impact on an organization and its representatives, certainly focuses the mind! Sadly, this often comes only once an attack has been experienced first-hand.

Secondly, board members need to understand where those vulnerabilities lie so they can support their IT team, trainers and other key people within the organization. The most significant cyber-threat to SMEs is their own staff providing a gateway into the organization’s networks and systems. This may be through inadvertently clicking on a link to malware or sharing passwords and other critical information inappropriately.

Fortunately, this is one area of IT security that doesn’t involve throwing money at the problem only to be thwarted a new emerging threat. Training and awareness exercises for the benefit of all employees, and senior board members, will ensure that everyone within an organization is vigilant and proactive about keeping sensitive, business-critical information safe. However, this can only be achieved with the support of the board – leading by example and making security part of organizational culture.

Regular health checks, risk assessments or audits, formal written cybersecurity policies, as well as business continuity and disaster recovery plans are all important aspects of this, ones that directors and other stakeholders should welcome in the Boardroom.

Sign Up for Cyber Security Intelligence Board Reports

Infosecurity Magazine

« Half UK Employees Have No Cyber Security Training
Companies See Cyber Threats But Can’t Deal With Them »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

ITC Federal

ITC Federal

ITC Federal delivers IT cybersecurity assessment services to support agencies in meeting their security strategies and federal security compliance goals.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.