Why protecting your information is a board-level responsibility
Protecting key information assets is of critical importance to the sustainability and competitiveness of businesses today. Companies need to be on the front foot in terms of their cyber preparedness. Cyber security is all too often thought of as an IT issue, rather than the strategic risk management issue it is.
There are many benefits to adopting a risk management approach to cyber security, including:
- Corporate decision making is improved through the high visibility of risk exposure, both for individual activities and major projects, across the whole of the organisation.
- The organisation benefits financially through the reduction of losses and improved “value for money” potential.
- Organisations are prepared for most eventualities, being assured of adequate contingency plans.
Here is a set of questions which may assist and support your existing strategic-level risk discussions, specifically how to ensure you have the right safeguards and cultures in place.
Key questions for CEOs and boards
Protection of key information assets is critical
- How confident are you that your company’s most important information is being properly managed and is safe from cyber threats?
- Are you clear that the Board are likely to be key targets?
- Do you have a full and accurate picture of:
  - the impact on your company’s reputation, share price or existence if sensitive internal or customer information held by the company were to be lost or stolen?
  - the impact on the business if your online services were disrupted for a short or sustained period?
Exploring who might compromise your information and why
- Do you receive regular intelligence from the Chief Information Officer/Head of Security on who may be targeting your company, their methods and their motivations?
- Do you encourage your technical staff to enter into information-sharing exchanges with other companies in your sector in order to benchmark, learn from others and help identify emerging threats?
Pro-active management of the Cyber risk at Board level is critical
The Cyber security risk impacts reputation, culture, staff, information, process control, brand, technology, and finance.
Are you confident that:
- you have identified your key information assets and thoroughly assessed their vulnerability to attack?
- the responsibility for the cyber risk has been allocated appropriately? Is it on the risk register?
- you have a written information security policy in place, which is supported through regular staff training? Are you confident the entire workforce understands and follows it?
Companies benefit from managing risks across their organisations. By drawing effectively on senior management support, risk management policies and processes, you can create a risk-aware culture.