Cybersecurity continues to rise as a priority for Boards across Australia and the world, with major incidents in the media increasingly commonplace across various industries. Here we have provided our insight into some red flags for Directors and Board members to consider in relation to cyber and information security.
- Cybersecurity is not on the Board's or senior management's agenda
Senior management oversight of cyber risk is key to ensuring effective business engagement in the issue. In a world where cyber criminals are intelligent and resourceful, cybersecurity needs an effective top-down approach, and it simply cannot be a priority if it is not on the boardroom agenda.
- Cyber risks are not specifically included in assessing business decisions
Cyber risks are present in every key business decision made today, whether it is the acquisition of a company, the engagement of a third-party service provider or the acquisition of new clients. The business needs to continually assess how its cyber risk might change with key business decisions, and what measures are in place to effectively mitigate those risks.
- Specific responsibility for cyber risk management
Who is ultimately responsible for an issue that’s hard to define? Cybersecurity is no longer an IT issue. It’s a governance issue that is owned by the business, secured through not just hardened infrastructure, but good practice by employees. Ultimately the owners of cyber risk management are the senior management team and the Board. They need to ensure the business is aware of their responsibilities and that identified risks are communicated well to the business.
- Cyber threats are not regularly reviewed, audited or updated
Businesses change every day. As quickly as your Apple terms and conditions will change, so will the nature of your cyber threats. Beyond the hundreds of business applications you might rely on, there are hundreds more applications that host, compile and manage those applications which your company uses in its day-to-day operations. Cyber threats are continually increasing, and a proper audit of your risks will provide the best insight for management to make decisions. Internal risk and compliance teams should sit with IT regularly to review cyber threats as the industry develops, and as new products and services are acquired.
- Company strategy and planning do not consider the changing nature of cyber threats
Hackers are resourceful and smart and will utilise whatever means necessary to gain unauthorised access. Sometimes the best defence is offence, and effective detection and monitoring strategies will be far better investments than over-protection, which can reduce productivity in your workplace. The company vision needs to consider the evolving nature of cyber threats, and how that will play into the growth of the company. If the company is looking to acquire new assets, or launch new products, management should consider the consequences of these decisions on cyber risk and how that will affect the overall cybersecurity program.
Speak with the Gridware expert today to better understand your cyber strategy and how to grow your company without adversely affecting your security.