Questions Business Leaders Should Ask Themselves

A PWC survey has found that only thirty-six percent of board members have confidence in their company’s reporting on cyber security. While directors and senior management do not need to understand all the intricacies of cyber security, they do need to understand the business impact as well as the level of risk they are willing to accept.
 
To do that effectively, they need to ask themselves and the people they work with some searching questions.
 
Cyber crime is significantly increasing and it is time for the Board, directors and senior management to take more cyber security responsibility because if the organisation is hacked, they will be seen as responsible for the security breach. Cyber security should be a regular agenda item at Board meetings because directors need to gain an understanding of the cyber risks they are facing as an organisation and stay informed on a continual basis. 
 
Cyber security is a highly technical and specialised field, beyond the scope of most directors’ experience and expertise. However, the role of the director is to ensure that their company is well prepared, has the right procedures in place and has a high-quality leadership team that can respond quickly and effectively, and that necessarily requires more than a basic understanding.
 
  • The push towards digital transformation triggered by the coronavirus pandemic has only made companies’ task of protecting their data even more difficult. Recently, boards have been asking security professionals for guidance on how to navigate a global pandemic with a workforce unaccustomed to working from home.
  • The rapid acceleration of digital transformation driven by the COVID disruption has increased competition for talented, technically literate directors, which means getting knowledgeable talent to join the board has become harder.
  • A cyber attack will hit you when you least expect it and will probably occur in a way that you aren’t expecting. It is also important to recognise that the instigators of cyber attacks are typically sophisticated and well-organised criminals running lucrative businesses.

These are the key questions that directors should assure themselves they can answer in the event of a major breach.

Is There A Comprehensive Cyber Security Strategy?

How confident are we that our company’s most important information is being properly managed and is safe from cyber threats? Do directors receive regular information from IT on who may be targeting our company, their methods and their motivations?

How Are Cyber Attacks Detected And Responded To?

It’s great to know that all your business and customer information is secure, but the board of directors would also want to know that a plan of action exists for whenever something gets compromised. Without a doubt, data loss is seriously detrimental to any business and at times even leads to its downfall. That is why management would want to make sure that data backup and recovery plans are correctly put in place, so that in case of an information breach the business has the opportunity to fight back and thrive.
 
Are Accountabilities Clear?

Is there a defined process that identifies who does what when an incursion happens? Have you confirmed that the business has escalation procedures in place and that these are up to date? How do you manage third-party cybersecurity risks?
 
Do You Have External Help You Can Call On When Attacked?

Does the company’s commercial relationship with them guarantee timely access? Does your business have a war room environment ready to go when you are attacked? And do you understand what it can and cannot do?
 
Can You Manage Reputational Damage?

Who is the public face of the business when you need to communicate a breach? What is the company’s philosophy about paying a ransom if you are hit by a ransomware attack? What determines the decision to fight or pay?
 
Does Your Organisation Have Cyber Insurance?

If yes, do you understand the terms of coverage? As a Board member, you need to understand the scope and details of the company’s cyber security insurance policy. Part of an insurance plan is not just to insure your physical assets from a cyber threat. Ask your team if they have the tools and infrastructure that monitor your security parameters on a regular, if not real-time, basis.
 
Cyber attacks are the new normal and the need for cyber security is business critical. Business leaders have to be sure that they are looking at both the worst-case and best-case scenarios and are prepared to make some compromises to ensure a secure infrastructure.
 
Sources: PWC; CPA Canada; appknox; Gartner; AFR; Tyler Cybersecurity; Symantec; Which 50; McKinsey; ramsac
 