Board Directors' Adaption to the New Digital Revolution
Boards need to discuss the level of cyber risk tolerance for various assets and threats, and how cybersecurity is factored into business decisions and business relationships, particularly if you use aspects of the Cloud.
What cyber incidents and attacks have taken place in our areas of business, and how have we reacted? What have the different departments done to control, adapt to and learn from the security, marketing and PR effects? And what were the discussions in the IT area, and how have we revamped our security to adjust our capabilities?
The Relevant Questions
- Discussion and a review of the business structure as it relates to the electronic world, and clarity about IT's functions and commercial purpose, are vital in the new Digital Age.
- The Board should determine how effective the CISO is at performing his/her job and what understanding the Board in general has of the IT function and its responsibilities – how well has it done over the years and how has it changed to meet the new needs and strategy?
Understanding and anticipating these questions can help you communicate more clearly with executives, implement cybersecurity initiatives and better position the organization for success.
You need to appreciate that it is not a question of if but when: you have been, and will be, hacked. Setting up alternative systems that can be monitored for attacks is a positive deception measure.
- Directors need to understand and approach cybersecurity as a company and market space management issue and no longer think of cyber as just an IT problem.
- The Board must consider the legal issues of cyber in their market space.
- The Board must have access to, and discussions with, cyber analysts.
- Directors should discuss the cyber opportunities for analysing their market space and related areas that may offer opportunities for their business.
- Directors should be aware of the cyber insurance cover that the business has and the cover it should consider.
Additional 5 Questions
5 additional questions CEOs should also ask about cyber risks
- How often have the Directors been on a cyber course or had someone from outside the business discuss and present on the current level and business impact of cyber risks to our company?
- How often has our industry/service area been attacked and what are considered the prime and secondary risks?
- Does our organisation’s cyber security apply relevant current cyber security standards and best practices?
- How many and what kinds of cyber hacks is our business detecting weekly, and how often is the Board informed about the attacks?
- Do we have an independent standard for measuring our cyber hacking response and how often do we test it and have it independently tested?
For more information and any questions please email us at Cyber Security Intelligence.com