Neil Hare-Brown looks at the various ways boards should be empowering effective cyber risk management.
Cyber security standards and best practice are often considered too complex and technical for boards to digest effectively. As a result, many business leaders are uncertain as to whether their organisations are adequately protected against cyber attacks or whether they are supporting the right risk management decisions. In a world where the number of cyber attacks leading to data breaches, fraud and extortion crimes has risen significantly, businesses need to safeguard against the reputational harm that can be the consequence of a cyber incident.
The big picture
While the general approach from the cyber community is to both evangelise and empower board members with knowledge of the technical aspects of cyber security, this is not always appropriate or practical. In order to manage cyber risk effectively, boards need to understand, implement and monitor key strategies. However, they should not be concerned with tactical and operational level controls that – while also vitally important – use technical jargon they don’t need to master.
This is an extract from the Business & Management Magazine, Issue 273, April 2019.