10 steps to effective board leadership on cyber security
In just a few years, cyber has transformed from the nerd in the corner into the Kim Kardashian of risk. Everyone, it seems, has an opinion on the issue. That’s because it’s serious — businesses can be built on, and destroyed by, cyber risk.
The World Economic Forum’s Global Risks Report has consistently ranked cyber attacks among the top seven risks facing the planet in terms of likelihood and impact, while high-profile CEOs including Warren Buffett of Berkshire Hathaway and Jamie Dimon of JPMorgan Chase see them as the number-one threat to business.
Despite this, a 2019 poll of 1,300 large international organisations by insurance broker WTW found that only 11 per cent of boards have taken direct responsibility for their firms’ cyber security.
Although the private sector’s investment in protective tech and compliance has increased, few business leaders have a clear understanding of cyber risk and confidence that the necessary safeguards are in place at their firms.
By definition, the board of directors is not hands-on, yet directors have a huge role to play, and boards can take practical steps to improve their cyber leadership and impact their organisation’s cyber security risk.
Here are my top 10 actions that boards and non-executive directors can take today to find a path forward for board leadership on cyber security.
As a NED myself, I understand this challenge. The above steps can all be taken relatively quickly, and will put your board in a strong position to lead on cybersecurity, as well as providing confidence to your stakeholders and support to your cyber security leaders.
This article is an updated version of an article that first appeared in the UK Institute of Directors’ Director Magazine, and includes further recommendations led by reader feedback that were not included in the original article. Please share your thoughts in the comments below, and I will answer all questions asked.