The bad news: as a Board member, you will be targeted, the NCSC notes. You have access to valuable assets (both information and money) and organisational influence.
The good news: a methodical approach to ensuring security can remove low-hanging fruit; t vast majority of attacks are still based upon well known sophisticated attackers start with the simplest and cheapest options.
Learn more.
Section 2: Embedding Cybersecurity Into your Structure
A cyberattack brings with it operational risk, legal risk, and financial risk. Everyone needs to be involved in building resilience and enterprise processes need to reflect this.
If the CISO reports to a intermediary to the Board who only focuses on one aspect of risk – finance or legal or technology – this can hinder the ability for the Board to see cybersecurity’s wider implications.
Ask these four questions:
- Does the board understand how cybersecurity impacts collective responsibilities?
- Who has responsibility for cybersecurity in the organisation?
- How does the board assure that cybersecurity measures are effective?
- Is cyber risk integrated with business risk?
