Board Level Cyber Risk Management Standard Needed

Calls for company boards to be active governance partners in “collaborative cyber defence” have been made in the Advanced Cyber Security Center's (ACSC)   effective practice report, “Leveraging Board Governance for Cybersecurity, The CISO / CIO Perspective." The report urges boards and their directors to adopt a dynamic understanding of their organisation’s cybersecurity responsibilities and to maintain regular direct access to CISOs and risk officers in conjunction with CIOs and other executives.


Importantly, the report seeks to create an initial benchmark and method of evaluation for the evolving role of corporate boards in cybersecurity governance, initially through the perspective of Chief Information Security Officers (CISOs), Chief Security Officers (CSOs) and Chief Information Officers (CIOs), the primary networks supported by the nonprofit, member-based Advanced Cyber Security Center (ACSC).


P{rimary recommendations of the report are:


The board’s strategic risk role: In most cases, the board partnership with management is still “at an early stage” or “maturing” phase in its ability to provide strategic guidance and help guide management’s strategic risk judgments.


Building board cyber expertise: Because most boards do not yet have sufficient expertise in technology or cybersecurity to serve as strategic thought partners on cyber risk, they should recruit board members with broad digital/technology expertise, develop an annual curriculum of cyber briefings, provide ongoing training, and use third-party assessments.


Aligning the board role and corporate structures: CISOs and CIOs should present jointly at board meetings to provide a holistic view of digital strategies and security.  Boards as a whole should review cybersecurity more consistently as a business risk; the risk or audit committee should be used for more frequent (at least quarterly) cyber reviews.


Overseeing cybersecurity and digital transformation budgets: Boards should present digital transformation budgets as a whole, with cybersecurity investments as an element of overall IT-related decisions about where to invest in growth and security.


Developing cyber risk metrics and measurement: Boards should prioritise and support senior management’s development of a new generation of outcome-based cyber risk management frameworks, and in the meantime, executives should use only a few operational metrics with boards.


The full report can be seen here

more news

Ransomware Tips Towards Enterprise Targets


Symantec's latest 2019 threat report shows a worrying rise in cyberattacks and cybercrime activity. Web attacks are up 56%, formjacking attacks are running at 4800 a month, enterprise ransomware is up 12 per cent although over ransomware attacks are down and supply chain attacks have increased by 70 per cent.

read more

Cybersecurity Threats Growing In Travel and Transportation


IBM Security has issued new research highlighting that the travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetize highly valuable travel data. Compounding the problem, a new survey conducted by Morning Consult on behalf of IBM Security1 reveals that travellers are still blind to the risks they face on the road.

read more

Cyber innovation at the forefront of UK’s approach to modern warfare


Speaking at the recent NATO Cyber Defence Pledge Conference in London, Defence Secretary Penny Mordaunt told of the need for the UK and NATO members to recognise offensive cyber as central to modern warfare. As the UK has already demonstrated against Daesh in the Middle East, it can be a vital tool to keep people in the UK and overseas safe from virtual and physical threats.

read more

65000 GDPR Data Breaches In Europe To Date


European privacy authorities have received almost 65,000 data breach notifications since the EU's new privacy law went into full effect. In addition, regulators in 11 European countries have imposed $63 million in General Data Protection Regulation fines.

read more