Given the ever-increasing incidents of cyber threats, there is growing pressure on companies deal with such risks. Companies need to put in place the right governance structures, appropriate policies, and robust processes covering data storage, data transfer, and its use on the company network, to its final disposal. As cyber risk management is no longer just about preventing breaches (“The question organisations are facing is not if a cyberattack will happen, but when”), this means putting in place guidelines regarding the process to be followed once there is a cyberattack. This begins with the most basic of procedures, i.e. shutting access to equipment and networks. Then, the steps the company needs to take to resume normal operations.

This will help minimise financial and mitigate reputational damage when a breach occurs. Finally, boards need clarity regarding reporting data breaches - what and to whom.

Finally, there needs to be clarity regarding reporting data breaches - what and to whom. In this context, it is desirable for board members to have technical familiarity - or better still the acumen to understand cyber reporting, and risks, and, at the very least, the ability to interact with third parties and internal resources to effectively oversee the organisation’s cybersecurity architecture.

Read the full blog here