“Cybercrime is the third biggest risk facing businesses globally, with a total market exposure anywhere from $500 million to $1 trillion. It is now even surpassing drug trafficking as criminals work out they can easily make a lot of money, fast, whilst remaining removed from the event itself.”
“Directors are still very reluctant to accept and take accountability for this growing business risk. Many think it doesn’t apply to their organisation because they are too small a target, but in reality, cyber-attacks occur because of a lack of cyber preparedness and a weakness in defences,” says Walton.
“There is disconnect between the rapidly growing threat from cyber-attacks and the approaches used by businesses to manage them. First and foremost you need to understand what you don’t know. By having the conversation and putting plans and defences in place, when not if a cyber-threat does happen, damage is minimised and the business can recover quickly.”
He says cyber governance best practice needs to be led from the board room and implemented into organisational culture.
ISACA: The cybersecurity questions boards need to address
Cyber protection is no longer a technical issue; it is a business issue requiring board attention, and cybersecurity needs to be approached in a holistic manner, states a new report from global IT association ISACA.
The paperThe Cyberresilient Enterprise: What the Board of Directors Needs to Ask, stresses the need for governance over critical cyber events to help reduce the impact of these incidents and restore normal business.
“Today’s attacks on enterprises are persistent and advanced, no enterprise is 100 per cent secure. It is no longer sufficient to only focus on prevention and detection,” says Ron Hale, chief knowledge officer of ISACA. “Board members need to evaluate the operational risk inherent in today’s digital business and direct management to ensure that the enterprise is more than just protected—it is resilient. This guide offers key questions boards should be asking to become a resilient enterprise and continue its mission of value creation.”
The ISACA report says key questions boards should ask include:
• Is sufficient attention given to the ability to defend against intrusions as well as the ability to recover and restore essential functions and services?
• Is the board routinely informed about the potential material operational risk and risk mitigation strategies as well as incidents that could impact the brand?
• To what extent have essential services and functions been identified and programs implemented to provide for their resilience in the event of a disruption or cyber incident?
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.