10 steps to effective board leadership on cyber security — Matt Palmer

In just a few years, cyber has transformed from the nerd in the corner into the Kim Kardashian of risk. Everyone, it seems, has an opinion on the issue. That’s because it’s serious — businesses can be built on, and destroyed by, cyber risk.

The World Economic Forum’s Global Risks Report has consistently ranked cyber attacks among the top seven risks facing the planet in terms of likelihood and impact, while high-profile CEOs including Warren Buffett of Berkshire Hathaway and Jamie Dimon of JPMorgan Chase see them as the number-one threat to business.

Despite this, a 2019 poll of 1,300 large international organisations by insurance broker WTW found that only 11 per cent of boards have taken direct responsibility for their firms’ cyber security.

Although the private sector’s investment in protective tech and compliance has increased, few business leaders have a clear understanding of cyber risk and confidence that the necessary safeguards are in place at their firms.

By definition, the board of directors is not hands-on, yet directors have a huge role to play – and boards can take practical steps to improve their cyber leadership and influence their organisation’s cyber security risk.

Here are my top 10 actions that boards and non-executive directors can take today to find a path forward for board leadership on cyber security.