How would you rate your board of directors when it comes to getting to grips with cyber security risks for your organisation? The reality is, while cyber security issues are now rated as one of the top three risks for 2017 by the World Economic Forum, for many boards the will to comprehend the risk is there but the skills and ability are lacking. Yet, with one of the largest cyber attacks ever seen on 12 May 2017 affecting organisations across 150 countries in under 12 hours, it is a risk that boards as well as the wider business must understand. And fast.

No organisation, however big or small, is immune from the actions of the criminal, activist or nation-state cyber community. And the fast-moving nature of the cyber threat makes it even more complex to protect against.

Data theft, loss of customers, regulatory fines, mergers or acquisitions in jeopardy, or attacks that close down critical parts of the business – at best, a cyber crisis can sting a little; at worst, it can turn into a major corporate crisis that can potentially cripple the organisation. With the average cost of a security breach estimated today at between £600,000 and £1.15m, according to the UK National Cyber Security Centre, it is clear that cyber security deserves to be one of the top corporate priorities for 2017.

Of course, one of the key challenges boards face when it comes to cyber security is the technical complexity of the tools and tactics used. But business directors do not need to get bogged down in technology to play an effective role in cyber risk oversight. In fact, in many respects, directors should apply the same strategic approach as with any other corporate risk, starting by understanding the threat landscape.

Jul-Sep 2017 Issue

Control Risks