Cyber security experts have published new guidance for Britain’s corporate leaders to equip them with the basic technical details they need to understand the threats they face in cyber space, and to effectively direct their organisation’s response to them.
Specialists from the National Cyber Security Centre (NCSC) emphasised that boards of big companies cannot outsource their cyber security risks and need to understand what their technical staff are doing if they are to prosper securely in the digital age.
In support of this, the NCSC has published the first in a suite of guidance to businesses, setting out five questions that boards should ask about their company’s IT security.
The questions - and what to look for in responses - were proposed to board members at the Confederation of British Industry’s Cyber Security conference by the NCSC’s chief executive Ciaran Martin.
• How do we defend our organisation against phishing attacks?
• What do we do to control the use of privileged IT accounts?
• How do we ensure that software and devices are up to date?
• How do we ensure partners and suppliers protect the information we share with them?
• What authentication methods are used to control access to systems and data?
Martin warned that cyber security is now a mainstream business risk, so corporate leaders need to understand what threats are out there, and what the most effective ways of managing the risks are.
“There is no such thing as a foolish question in cyber security,” he stated. “The foolish act is walking away without understanding the answer because that means you don’t understand how you’re handling this core business risk.”
Last year’s FTSE 350 Cyber Governance Health Check Report found that 68 per cent of boards have received no training to deal with a cyber incident and 10 per cent have no plan in place to respond to one.
Matthew Fell, CBI chief UK policy director, said that digital security can no longer be the sole responsibility of the IT team. “Business boards are stepping up to the challenge of improving their cyber literacy, but firms recognise more progress is needed,” he added.