Within minutes, the worldwide cyber attack of last week became one of the largest cyber crimes in history. Organisations were and are vulnerable. The relatively new threat of cyber warfare creates serious issues for Boards and organisations.
What is a Board of Directors’ role in safeguarding the company?
Should Boards have cyber threats at the top of risk management issues?
Here are some of the aspects that boards should keep in mind:
Acknowledging That the Risk is Real
Creating a conversation around cyber attacks and cyber risk is the place to start when setting best practices for information security. A CEO and board should monitor existing threats and assess how they have evolved over time. One way to do this is by focusing strategic discussions on risks for a specific department or line of business at an organisation, such as business expansion, digital transformation or M&A.
Cyber security awareness across the company includes training employees and making sure they are familiar with security policies and secure behaviours. In the Fortune article ‘An exploitable weakness in network security: corporate boards’, Chad Greene, the Director of Security at Facebook, writes about Fortune 500 companies keeping two types of red teams to address cyber risks: one team that would track potential weak points and the other to react to threats.
Developing Resilience for Business Continuity
IT and digital capabilities are hot skills for every Next Generation Board, across all industries. Research carried out by Accenture demonstrates that only one-third of organisations are competent at practicing cyber attack scenarios, while just a few could identify which sensitive information and assets require protection during such attacks. A Board that takes a hands-on approach to prioritizing cyber security will reap economic benefits in the long run. Cyber security drills and simulations can help to assess how prepared the company is for crises. When CEOs and board members participate in drills, they can get clarity on the kind of threats to anticipate going forward.
Re-Examining Insurance Provisions
CEOs and board directors need to think about cyber attacks as more destructive than a low-level breach of consumer data, especially since any attack may jeopardize business-critical assets. Stress-testing existing defensive strategies by enlisting specialist employees or a cyber security firm can give a better idea about vulnerabilities before an actual attack happens. Having insurance that covers damages resulting from cyber attacks is another aspect to keep in mind. While cyber insurance would typically focus on privacy violations, more and more businesses are requiring policies that include digital asset restoration, systems failure coverage and coverage for business interruption caused by a third party, such as a cloud provider.
Evaluating the Organisation’s Risk Disclosures
In light of growing awareness about cyber threats, Boards should revisit their cyber risk and incident disclosure practices and be prepared for an increasing spotlight on the Board’s role in handling this security.
Director Institute Next Generation Directors is a private enterprise that is focused on developing and connecting the next generation of board directors with Australian and International organisations and boards.