Only about half of UK companies have a cyber attack response plan in place. Boards must be composed in such a way as to enable rapid response. Start with structuring your board properly, with the right number of non-executive board members, and only the most important C-suite executives on the board. It is good practice to create a Cybersecurity or similar committee on the board. There should also be a board member with overall responsibility for cyber attack preparation.
The cyber attack threat is still not being taken seriously at the board of directors’ level at UK organisations.
Only about half of UK boards have a cyber attack response plan in place, according to an April 2018 study by Lloyds Bank. Only half (53 per cent) of companies regularly discuss cyber risk at their board meetings.
“A startling finding is that over a third of companies would pay a ransom to retrieve their data from an attacker when there is no guarantee that a business will get its data back or that its systems will be safe to use again,” comments Giles Taylor, head of Data & Cyber Security, Lloyds Bank Commercial Banking.
Boards must be structured for response to cyber attacks
Harvard Business School Professor Walter Salmon points out that preparation is key to gearing up the board for cyber attacks.
A board structured for crisis prevention, according to Salmon, should only have three insiders on it: the CEO, the COO and the CFO. “Changing how committees function is also necessary for gearing up today’s boards,” Salmon notes. In fact, a growing number of companies are creating Technology or Cyber-security committees to ensure that enough attention is devoted to this risk. “In general, boards as a whole must spot problems early and blow the whistle, exercising constructive dissatisfaction.” On a revitalised board, directors have enough confidence in the process to vigorously challenge one another, including the company’s chief executive.
Boards must have robust governance measures for cyber attacks
The UN-sponsored investors’ organisation Principles for Responsible Investment (PRI) has made recommendations on the actions boards of directors should take to prepare for and respond to cyber attacks.
“As the number of cyber-security incidents continues to rise – and take new forms – it is vital that companies have robust governance measures in place to manage and address risks. Having a person or committee directly accountable for this area is a key first step for companies. When companies allocate responsibility to a senior executive, they signal to investors that there is internal expertise to appropriately allocate investments, staff time and resources,” the PRI report explains.
Board oversight is another important area of focus for companies, according to PRI. Given the potential physical and economic implications of a cyber attack on business operations, boards should not only take control of preparation and response, but should also communicate their actions to all stakeholders, so that it is clear that the risks are being managed. Both BT Group and Morgan Stanley, for example, made a point of discussing cyber-security defences and response plans in their annual reports, PRI notes.
Boards should establish communication channels for cyber attack issues
Maintaining oversight of the internal risks that a cyber attack could target is also the responsibility of the board, or of its Cyber-security Committee. The PRI asks: is the board receiving the information it requires to assure the best protection? Does the board receive detailed information about the company’s cyber attack and information security strategy?
In fact, just under two-thirds (63 per cent) of the boards surveyed by PRI could not indicate any established channels for this kind of communication, nor could they point to the frequency with which such communication was being made.
“Boards must be briefed regularly and in a timely manner by senior management and IT staff to facilitate informed decision making on cyber-security issues. This enhances directors’ understanding of the threat environment, vulnerabilities, strategic considerations and the internal control environment,” the PRI points out.
Strong governance must be in place at the board level and throughout the organisation to ensure that protection is in place against cyber attacks, and that a response is ready should such an attack lead to a data breach.
The Diligent Governance Cloud provides powerful solutions and support for boards to prevent crises when possible and to react to them when they take place.
Diligent Governance Cloud: A reliable tool for achieving compliance
The Governance Cloud, the only integrated enterprise governance management solution that enables organisations to achieve best-in-class governance, is an ecosystem of software tools that digitises the various activities and tasks for the board of directors. As organisations grow more complex and regulations more stringent, the scope of governance responsibilities evolves. The Governance Cloud allows boards of directors to meet the demands in the boardroom and beyond with the ability to select the products they need that help them perform their best and work within their allotted budgets.
Governance leaders, executives and board directors rely on the industry-leading Diligent platform for the most secure and intuitive solution to board material management and collaboration. Diligent Boards™ electronically stores a board’s agendas, documents, annotations and discussions within a secure board portal. Company secretaries and board chairs can use the board portal to put together board books in minutes. The board portal also has designated virtual rooms for committee work. Company Secretaries managing the board portal can designate permissions for users to access various areas of the portal to avoid unnecessary problems with confidentiality. The “Manage Meetings” feature consolidates board directors’ contacts and calendars and the logistics of meetings. The program is a secure and intuitive solution for managing board materials and collaboration.