6 questions boards need to ask themselves when considering cyber security

Effective cyber security starts at board level. Cyber security strategy has to be embedded at every level of an organisation for it to work. And that starts with the board asking the right questions from the outset to make sure they’re covering all bases.

Based on advice from the National Cyber Security Centre, we’ve extracted some of the most important questions your board needs to ask themselves to kick off the cyber security conversation the right way.

 

Does the organisation have a cyber security strategy in place?

If you’re starting from scratch, this question doesn’t apply.  But it’s possible you’ve already got some form of a cyber security strategy in place.  If you already have one, you need to review this in detail, taking into account the latest developments in cyber security certifications, technology and insurance.  

What current cyber expertise is there in your organisation, and where are the gaps?

You may already have some IT expertise in house, but the question is whether or not they have the skills and experience to guide your organisation in the right direction. It’s possible you’ve got some cyber experience at board level, but again, you need to be sure of the extent of their experience.

Is the board clear on business critical cyber priorities? 

It’s not possible to mitigate all cyber security risks at all times.  So the board need to decide upon key objectives and stay in regular communication with technical experts to be certain the key cyber priorities are being adequately taken care of. 

Is every member of the board fully bought into the importance of cyber security?

It’s critical that every board member has a broad understanding of how cyber security affects their individual department so they can ask the right questions when it comes to setting strategy. A cyber security incident will affect the whole organisation, not just the IT team. It could impact online sales, affect contractual relationships with clients or suppliers, lead to disciplinary action or have severe financial implications.

As a board, what is our plan to develop in the areas in which we’re lacking?

Appointing ownership for the cyber security project is important for continuity and ensuring nothing gets missed. This person needs to coordinate activities across the whole cyber security strategy, devising a roadmap which clearly highlights gaps and engaging the right external or internal experts at the right time.

How do we assure ourselves that our organisation’s cyber security measures are effective?

The board will need assurance that an appropriate suite of assurance activities is being employed, and that there’s due process in place to regularly review defensive measures and update them accordingly.

If your board is seeking expert technical or strategic advice on the subject of cyber security, use Fact3 as your first point of contact.

Get in touch today for a free consultation.

