Privileged knowledge can make directors a high value target for cybercriminals


“Directors are still very reluctant to accept and take accountability for this growing business risk,” says cybersecurity specialist Tom Walton.

“Directors have access to large amounts of important and sensitive information. Sitting on multiple boards means more information and more organisations which could be compromised. More and more often, directors are viewed as a potential weak link in an organisation’s defences and they become a target,” says cybersecurity specialist Tom Walton.

“Cybercrime is the third biggest risk facing businesses globally, with a total market exposure anywhere from $500 million to $1 trillion. It is now even surpassing drug trafficking as criminals work out they can easily make a lot of money, fast, whilst remaining removed from the event itself.”

“Directors are still very reluctant to accept and take accountability for this growing business risk. Many think it doesn’t apply to their organisation because they are too small a target, but in reality, cyber-attacks occur because of a lack of cyber preparedness and a weakness in defences,” says Walton.

“There is a disconnect between the rapidly growing threat from cyber-attacks and the approaches used by businesses to manage them. First and foremost you need to understand what you don’t know. By having the conversation and putting plans and defences in place, when not if a cyber-threat does happen, damage is minimised and the business can recover quickly.”

He says cyber governance best practice needs to be led from the board room and implemented into organisational culture.


ISACA: The cybersecurity questions boards need to address

Cyber protection is no longer a technical issue; it is a business issue requiring board attention, and cybersecurity needs to be approached in a holistic manner, states a new report from global IT association ISACA.

The paper, The Cyberresilient Enterprise: What the Board of Directors Needs to Ask, stresses the need for governance over critical cyber events to help reduce the impact of these incidents and restore normal business.

“Today’s attacks on enterprises are persistent and advanced, no enterprise is 100 per cent secure. It is no longer sufficient to only focus on prevention and detection,” says Ron Hale, chief knowledge officer of ISACA. “Board members need to evaluate the operational risk inherent in today’s digital business and direct management to ensure that the enterprise is more than just protected—it is resilient. This guide offers key questions boards should be asking to become a resilient enterprise and continue its mission of value creation.”

The ISACA report says key questions boards should ask include:

• Is sufficient attention given to the ability to defend against intrusions as well as the ability to recover and restore essential functions and services?

• Is the board routinely informed about the potential material operational risk and risk mitigation strategies as well as incidents that could impact the brand?

• To what extent have essential services and functions been identified and programs implemented to provide for their resilience in the event of a disruption or cyber incident?


Follow Divina Paredes on Twitter: @divinap
