ABSTRACT

How do effective directors secure the organisation against cyber risks?

Based on a framework of global corporate governance best practice, which can be used in all organisations anywhere in the world, this chapter of Questions To Ask (QTA) in the boardroom gives a high-level but succinct introduction to cybersecurity at board level.

All directors are responsible for the framework of standards, processes, and activities that secure the organisation against cyber risk.

The chapter considers key topics that directors should be mindful of, followed by pertinent questions to ask in the boardroom. Cyberattacks have the potential to be as destructive as natural disasters, and having clarity at board level on the company’s key data and assets is strategically critical. Not all data requires the same level of protection. It is also key to examine third-party relationships that can put the organisation at risk. Security awareness and training for all employees should by now be second nature to most organisations, as should having a breach response plan in place. The plan should set out everyone’s roles and responsibilities in a response scenario, and the expectations of regulators, law enforcement, customers, and other stakeholders.