10 questions board directors should ask about cyber security
- Cyber budgets are growing, so organisations are starting to spend more on resources and tools for cyber security.
- Statistics indicate that SMEs are being targeted more and more because organisations are putting more resources into cyber security.
- It’s essential for an organisation to identify the threats most relevant to it. Every organisation will have different threat profiles.
- Hackers will look at different vulnerabilities, such as an organisation being under-resourced, a lack of investment in cyber security, etc.
- Cyber criminals typically want to target a company for financial gain.
- Think about who might target your organisation, why they might do it, and how they would do it.
- Identify your organisation’s essential IT systems. Know who is responsible for protecting these critical systems and how they are protected.
- Cyber security is complex: it’s hard to pin down and it’s everywhere.
- Use a framework to decipher what you’re doing well and where your cyber security gaps are.
- A good framework will help you determine whether you have the in-house expertise to deal with a threat.
- It’s good practice to pay professional hackers to attempt to penetrate your organisation to help you identify weaknesses.
- Cyber security is not optional; it has to be built into your strategy.
- Cyber criminals target employees individually as it’s easier than bypassing controls. It’s critical to have a cyber awareness programme in place for employees.
- Build this training into an on-boarding programme and a regular annual refresher training programme.
- Third party suppliers are a route into an organisation. Questioning the information that’s shared with the vendors your organisation uses is essential.
- If you’re highly reliant on a supplier, you need to make sure that they are managing their cyber risks adequately.
- Ensure your contract with any third-party supplier includes information about what will happen if their organisation suffers a cyber attack.
- Incident response is a critical part of risk management.
- It’s critical to have an incident response plan set up that includes details of who should respond to an incident, their contact details, who needs to be notified about an attack, and a potential escalation plan if needed.
The cyber crime industry is becoming more robust and sophisticated. The threat of a cyber attack on any organisation is real. Decision-makers in every organisation need to know they’re prepared for a potential attack by asking the right questions about their cyber security.
Join Eoghan Daly, Director, Cyber Security Services at BDO Ireland, to learn how to get the answers you need about your cyber security. Leave the webinar knowing how to discover any weak spots that may exist in your security.
Eoghan is a Director with BDO and leads the firm’s cybersecurity work. His experience includes helping organisations to improve their approach to the identification, assessment and management of cybersecurity risks. His experience includes working with organisations in Mining, Education, Pensions, Manufacturing, Healthcare, Government, and Not-for-Profit sectors. He is a board member of the Royal Society of Public Health’s Food Special Interest Group.