This British article by Andrew Sheldon is a quick read but it contains some helpful hints for Boards who are not quite sure what they should be doing about cybersecurity.
A recent BrandInsight/Kordia article reported that cybercrime cost New Zealand businesses an estimated $250m - $400m a year although that’s likely to be a very conservative estimate as much cybercrime goes unreported.
Here are some tips for any board when addressing cybersecurity:
- Get it on the board agenda. Evaluate your risk, strategy and mitigation - understanding your risk is key.
- Ask lots of questions - talk to your CEO, your CIO and ask for regular reporting on cyber issues from your management team.
- Lead by example - get board papers prepared, ask questions about staff training and preparedness.
- Prioritise budgets - "sometimes when CIO ask for more funds to address cybersecurity, those funds are given - but it feels like reluctant money; that needs to change".
- Investigate whether there is room on the board for a director with digital knowledge and experience who can help.