Board members need to understand cyber security.
It is a statement that is regularly made about businesses, regardless of the sector or the size of the organisation, without further thought as to how those board members can better understand their organisation’s cyber risk profile. With new regulations in place, such as the General Data Protection Regulation (GDPR), board members now have raised expectations as to their roles and responsibilities.
That is why the National Cyber Security Centre (NCSC) today published a cyber Board Toolkit – made relevant to anyone that is accountable within an organisation, from the Board of Directors or Governors to Trustees and Partners. The Toolkit is also relevant for technical staff and security practitioners, who are able to use the questions in the toolkit to frame discussions with the Board. Through using the Toolkit, board members can know enough about cyber security in order to have a fluent conversation with their cyber practitioners.
The Toolkit provides:
- A general introduction to cyber security
- Separate sections, each dealing with an important aspect of cyber security. For each aspect, we will:
  - explain what it is, and why it's important
  - recommend what individual Board members should be doing
  - recommend what the Board should be ensuring your organisation is doing
  - provide questions and answers which you can use to start crucial discussions with your cyber security experts
- An Appendix summarising the legal and regulatory aspects of cyber security
Commenting on the launch of the Toolkit, techUK's President Jacqueline de Rojas said:
“A common issue in the UK boardroom has been that cyber is delegated to the IT department and does not rise to the surface as a priority until a breach has occurred. Given that a cyber attack is no longer an 'if' but more likely a 'when', board members need help with guidance on what to protect and how to go about it.
Put together with input from a selection of boards from diverse sectors, this NCSC toolkit is a practical resource for board members and their CISOs. To help identify best practice and better understand how to articulate and discuss cyber investment decisions in the boardroom.
As the threat landscape increases and changes, techUK looks forward to working with the NCSC to promote and extend this guidance. In the event of an incident, boards will be in a position to respond effectively and in many cases take proactive steps to avoid attack in the first place.”
For further information, please visit the NCSC website.