
Cyber strategy

Neil Hare-Brown looks at the various ways boards should be empowering effective cyber risk management.

Cyber security standards and best practice are often considered too complex and technical for boards to effectively digest. As a result, many business leaders are uncertain as to whether their organisations are adequately protected against cyber attacks or whether they are supporting the right risk management decisions. In a world where the number of cyber attacks leading to data breaches, fraud and extortion crimes has risen significantly, businesses need to safeguard against the reputational harm that can be the consequence of a cyber incident.

The big picture

While the general approach from the cyber community is to both evangelise and empower board members with knowledge of the technical aspects of cyber security, this is not always appropriate or practical. In order to manage cyber risk effectively, boards need to understand, implement and monitor key strategies. However, they should not be concerned with tactical and operational level controls that – while also vitally important – use technical jargon they don’t need to master.

This is an extract from the Business & Management Magazine, Issue 273, April 2019.



Full article is available to Business and Management Faculty members and subscribers of Faculties Online.

