Cyber Questions Directors Should Ask CIOs (£)
The cyber pressure on Directors and Boards is increasing as the hack attacks increase. This process is not going to stop in the medium term and understanding of your responsibility and improving your own comprehension of the cyber risks and the digital opportunities is extremely important.
This piece discusses the questions and understanding that Boards should discuss to get a clearer comprehension of where their organisation stands on cyber and digital security and progressive technology.
Strategic Cyber Questions
First question to ask yourself as a Board Director what understanding do you have about the cyber security and the digital technology that your organisation is using and is connected to?
Have you been on a course giving you cyber background and if so how often have you had an up-dated course – keeping you currently savvy in the IT area is very important. There are still ongoing arguments such as whether cyber risks should be a full-Board issue or delegated to an audit or risk committee but the real point is to ensure that the Board is fully aware of the strategic, security, the opportunistic areas and potential that your market and your business is cybered in.
What amount of time has your Board given to cyber issues but unless you as a Director have a clear understanding of your own organisation’s risks, opportunities and developments in the area you will be out in the cold when hacks take down your systems and electronics changes your market-space.
On the security side for instance, does your IT Director or Chief Information Officer (CIO) have a CISO (Chief Information Security Officer), reporting to him/her and does that person present to the Board?
How often does the Board and CEO get cyber briefings and are these restricted to security as there should also be opportunistic cyber briefings from IT and marketing. This should focus on the changing electronic elements of the market, clients and cyber analysis that could give a clearer picture of for instance the new areas of competition.
What are your responsibilities when it comes to explaining to your shareholders as to your cyber capabilities and the breath of understanding the company has for its cyber-security programme.