ABSTRACT
A cyber security strategy needs to look beyond the corporate information network and corporate equipment such as desktop computers. Cyber risks can cause damage to many parts of an organisation, reputations can be damaged, efficiency can be reduced, employee well-being can be compromised, strategic information can be leaked, and sales can be lost. An important element of any cyber security strategy will be to decide what information most needs to be protected. The involvement of organisational leadership is essential if cyber risk is to be managed effectively. It is not just that risk management is part of corporate governance. The primary responsibility for cyber risk management belongs to managers within an organisation. The cyber risk landscape is constantly evolving. Most organisations will need to rely on specialists to ensure that technical cyber risks are being managed, for instance through constantly updated virus checkers and fraud site databases.
