Be board-ready for a cyber attack
- There are many different parts to cyber security:
  - Network security.
  - Cloud security.
  - Critical infrastructure security.
  - Application security.
- The basic concepts of cyber security are:
- Many organisations struggle with cyber security because:
  - It can be hard to keep pace with new threats.
  - Cyber skills are in short supply.
  - There can be large volumes of data, making it hard to determine where the threat is coming from.
- Having the right control framework, or cyber security governance, in place is essential for the organisation.
- Cyber security is a risk like every other risk.
- Regulators expect directors to take specific action on risks – e.g. in the financial industry.
- Directors need to know:
  - What are the assets at risk?
  - What are the types of risks – is it availability, integrity or confidentiality?
  - What are the risk management actions?
  - Who is responsible for these actions across the organisation?
  - What evidence is there that these actions are effective and cyber risks are managed?
- Having clear cyber security roles and responsibilities across the organisation is essential.
- There should be directors on the board who have the knowledge and skills to confidently question management on cyber security practices in the organisation.
- Regular internal audits should be carried out to review cyber security and identify whether external expertise should be brought in.
- Knowing how to navigate a cyber incident is a critical part of cyber security.
- When preparing for a cyber incident:
  - Make an incident response contact list that includes phone numbers, backup contacts, and key contacts such as HR, legal, insurers, PR and communications.
  - Create a basic flow chart or process so everyone can visualise what needs to happen.
- Key questions for board members to help prepare for a cyber attack are:
  - What has the organisation learned from previous incidents?
  - What are the most critical threats and risks to the organisation?
  - How does the organisation ensure it can respond to a cyber attack?
  - What are the organisation’s budget constraints?
  - Who are the key stakeholders and supporting teams?
  - How does the executive know that its incident response preparations will work in practice?
  - Should the organisation develop its own in-house capabilities or rely on outsourced capabilities?
Global research on the state of security in 2022 tells us that 65% of organisations have reported an increase in cyber attacks in recent times. Cyber threats are evolving and the impact of an incident can be catastrophic to an organisation. Cyber security protection is now a key strategic issue for organisations, especially for the board. In this webinar, Eoghan Daly, Director with BDO Ireland, will take us through:
– Cyber security and what it is
– The relevance of cyber security to your organisation
– Cyber security governance
– Considerations for the board when navigating a cyber attack
Eoghan is a Director with BDO Ireland and leads the firm’s cyber security work. His experience includes helping organisations to improve their approach to the identification, assessment and management of cyber security risks. He also has experience working with organisations in mining, education, pensions, manufacturing, healthcare, government and not-for-profit sectors.