A persistent tidal surge of new vulnerabilities which IT and security professionals are battling to hold back, combined with a lack of adequate leadership education for non technical Directors is leaving companies open to cyber attack and company Directors open to risk. Boardroom led security needs a shake up.
With the continued growth of remote working, cloud based services and Bring Your Own Device strategies, developing and maintaining an effective security programme is a real challenge for businesses.
A recent survey of C- suite executives by Deloitte found that around 30% of respondents cited difficulties in prioritising risks across their organisation and a further 28% claimed that there is generally a lack of management education around alignment on priorities. Just over a quarter of those surveyed indicated a lack of adequate funding for cyber security measures. For many boardroom execs IT is seen as a money pit that swallows huge costs and brings in no revenue.
In Scotland, the Scottish Government has established its Cyber Resilience Leaders Board to address the strategic requirement for Boardroom led security and the success of the Scottish Business Resilience Centres Trusted Partners model is now being rolled out across Manchester and the North East with London looking set to follow suit. The shake up has clearly begun but much more needs to happen to ensure resilient digital economies across the UK.
There is no doubt that after so many high profile cyber attacks Boardrooms are engaging in more conversations about security, but to be effective they need to properly understand the risks and develop an effective decision making framework. IT teams need to translate data into meaningful information if they are to secure the Board’s full appreciation of the risk and its commitment to develop and lead a cyber secure culture across the organisation.
A recent survey of C- suite executives by Deloitte found that around 30% of respondents cited difficulties in prioritising risks across their organisation and a further 28% claimed that there is generally a lack of management education around alignment on priorities.
How many boardrooms are provided with reams of data from IT but struggle to understand clearly what it means for the organisation as a whole? C-suite executives have usually been made aware of the cyber threat – they just aren’t necessarily sure what the real implications are for their business or them as Directors with legal accountability. When it comes down to it there are 2 simple questions – What is the risk to our business? And how do we protect against it? The answers need to be stripped of technical detail and be illustrated with practical examples.
Once the top executives are on board, they are in the best position to drive a security mindset across the whole organisation. If the entire company is aware of the risks faced and the part that each department and each employee plays in keeping data secure the business will be far better prepared to see off the cyber threat.
Net-Defence works closely with a number of corporate Boards to develop Boardroom led security and help them understand the threat to their business and develop the most effective measures required across the whole organisation to protect from cyber attack. Notably we also work with IT Directors, helping them manage the urban myth that their remit includes all aspects of information security including governance and compliance.
If you wold like a chat in strictest confidence about developing your boards education on security in the digital era, contact us for an obligation free discussion with one of our Real World Security specialists. We are known for our Board education and work closely with organisations such as the Institute of Directors to develop Boardroom led security.