How do you augment existing governance and risk management frameworks to address the dynamic landscape of cyber threats? What do you need to do?
Here are the top ten actions every organisation's board should take to approach cyber governance effectively and strategically.
- Stay Informed. Board members should stay informed about cyber threats and understand the potential impact on their organisation (including the supply chain).
- Responsibility. The board should appoint a senior executive accountable for cyber risk management.
- Resources. The board should allocate sufficient resources for related cyber risk management activities.
- Legal & Compliance. The board should ensure that cyber security-related legislation and regulations are continuously monitored and that the organisation complies with them.
- Communication. The board should communicate the importance of cyber risk management and all related activities to the entire organisation.
- Report. The board should receive regular reports on the top cyber risk priorities for the organisation.
- Audit. The board should require internal audits to evaluate cyber risk management capabilities as part of quarterly reviews.
- Capability. The board should ascertain the organisation's in-house capability for dealing with cyber risk management activities and establish relationships with specialist providers as necessary.
- Metrics. The board should agree on monitoring activities and related metrics to help establish proactive cyber defence capabilities, and thus prevent or reduce the impact of cyber threats.
- Integration. The board should ensure that all cyber risk management activities are integrated into other related key processes such as business continuity, acquisitions, mergers, crisis communications and even marketing.