Helping the board ready themselves for cyber resilience

Blog | Nick Wilding - AXELOS Head of Cyber Resilience | 20 March 2019

How many times do we hear at cyber conferences and briefings or read in the press that boards need to be doing more to respond effectively to the cyber risks they face? I suspect very often!

But how many times do we see or hear from board directors themselves about the challenges they are facing, the tools and techniques they’re using or the progress they’re making to mitigate these risks? Rarely!

Cyber readiness for boards

Recognizing that boards have not received the type and level of support required to incorporate cyber into their risk portfolios, the UK National Cyber Security Centre (NCSC) and Lloyd’s Register Foundation have joined forces to fund a pioneering ‘Cyber Readiness for Boards’ research project. A consortium of leading UK cyber risk researchers has been awarded £1M to investigate how corporate boards assess cyber risk and make decisions about investments in cyber security, and to develop interventions that provide actionable guidance and support for boards. AXELOS RESILIA is delighted to be part of this small academic and commercial consortium.

What needs to be done

There’s a gap that has to be filled, and filled by real evidence rather than opinion and supposition from people outside of the boardroom. We need to talk with and listen to those running organizations, to better understand how they view and react to their cyber risks in the context of managing the many other significant risks and opportunities that they face.

Looking at the UK Government’s FTSE 350 Cyber Governance Health Check 2018 survey, published in March 2019, it’s clear that even some of the largest corporations in the UK still need to come to terms with the new cyber risk agenda. The survey’s executive summary highlights:

  • Almost one in every two FTSE 350 companies (46%) is led by boards that still lack a comprehensive understanding of their critical information, assets and systems.
  • Boards in this position must take more responsibility for cyber security, and work to improve their understanding, rather than leaving this to the IT department.
  • Boards should continue to improve their understanding of the impact of loss or disruption associated with cyber threats.
  • Although the potential impacts of cyber threats are better understood now than they were in 2017, one in five boards still have limited understanding of the potential impacts.

The ‘Cyber Readiness for Boards’ project is a collaboration between researchers at three leading UK universities (UCL, University of Reading and Coventry University), the Research Institute for Science of Cyber Security, the National Cyber Security Centre, Lloyd’s Register Foundation and RESILIA, part of AXELOS Global Best Practice.

If you would like to find out more, or to assess ways in which your organisation could be involved in the research, please contact me at [email protected].

Read the UCL and NCSC press release

Read the full FTSE 350 Cyber Governance Health Check 2018 survey
