The growing threat of cyber risk is a hot topic in boardrooms across the country. Directors know that cybersecurity issues pose a growing threat to their organizations. But they might be surprised to discover that their own digital behavior could put their organizations at risk.
Diligent’s inaugural cybersecurity survey reveals that directors in Australia and New Zealand need to strengthen their own data security practices. Management has a role to play, providing directors with support and tools for improving awareness, oversight and risk management.
What we discovered about directors’ digital security
The survey identified five key themes:
- Directors’ email is a common weak link, but it’s not the only one.
- Board communications are often outside organizational policy and oversight.
- Directors agree.
- Boards need more information and support to oversee cyber risk effectively.
- Technology is driving more communication between directors and management.
An organization’s cybersecurity is only as strong as its weakest link. The survey findings demonstrate that a more cohesive approach to managing data security at board level is needed.
Directors need solutions that address their unique risk profile and that fit within the organization’s broader risk management framework.
Why cybersecurity matters
Cybersecurity is a genuine risk that we encounter every day. The Government’s Australian Cyber Security Center has assessed the risk of cyber compromise as ‘high’ in its 2017 Threat Report.
It’s a risk that’s only going to increase. The Hon. Dan Tehan MP, Minister of Cyber Security, said, “In the world of cyber security, if you are standing still, you are going backwards. The cyber security environment is constantly evolving, and we need to be adaptive and proactive.”
The regulatory environment is evolving to address the growing cyber threat. The data breach notification requirement introduced earlier this year is one example. Organizations need robust cyber defenses, but also comprehensive plans in place for what to do if a breach occurs.
The impact of cyber incidents goes beyond financial measures – the operational and reputational damage can be significant. Boards have an important role in overseeing this critical business risk. Directors therefore need to contribute to a culture of risk awareness and individual responsibility.
Three ways to use the survey report to improve your own cyber risk management
Whatever the level of your organization’s cyber risk maturity, the Diligent boardroom cyber risk report can help raise awareness and identify ways to strengthen defenses. Here are three ways to use the report:
1. Start a conversation
The first step in cyber risk management is being aware of the threat. Put cyber risk and data security on the board’s agenda and talk about the key issues facing your organization and industry. Ask your IT expert to brief the board on the controls in place and the extent of attempted cyber intrusions.
2. Benchmark yourself
How do you stack up against the survey results? Find out by completing the survey questionnaire (anonymously, if that’s more appropriate). The findings can shed light on cyber risk awareness and the culture of risk management in the top echelons of the organization.
3. Identify improvements
Once the issues are identified, focus on where improvements are needed the most. Consider cyber defenses at board level, from interim measures to best practice. With effective collaboration, directors and management can better protect the organization’s most sensitive information.
Practical suggestions for how to strengthen boards’ cyber risk culture.