The current cyber security climate and the rapidly growing number of cyber threats faced by organisations on a daily basis have resulted in more and more company boards and directors calling for bolstered cyber security.
According to business cyber security specialists Tesserent, cyber security is now one of the major concerns faced by company directors and boards.
“Cyber security is now a top operational risk. It has been a baptism of fire for many non-technical board members who this year have had a big wake-up call and are now investing in their upskilling and knowledge,” said Tesserent chief executive Kurt Hansen.
“Company directors are asking key questions about their role in cyber security, what they need to do and the path they need to take their organisation. This sharply contrasts a few years ago [when] most enquiries originated by technical teams and CISOs.”
To assist organisations in strengthening their cyber posture in a world where anyone is a potential attack target, Tesserent has developed a 12-point plan for company directors.
The plan outlines the early stages of implementing good cyber security practices all the way to assessing and analysing where improvements can be made. The list, as written by Tesserent, can be found below.
- Establish a robust cyber security governance framework with clearly defined roles.
- Integrate cyber security seamlessly into overall corporate governance structures.
- Regularly assess cyber security risks, internal and external.
- Implement risk mitigation strategies and contingency plans.
- Stay informed of data protection and cyber security regulations.
- Align cyber security practices with legal and regulatory requirements.
- Cultivate a cyber security-aware culture at the board level.
- Invest in ongoing training for board members to stay ahead of emerging threats.
- Develop and regularly update your incident response plan.
- Conduct tabletop exercises to test response to various cyber threats.
- Assess and manage cyber security risks with third-party vendors.
- Ensure third-party contracts include cyber security requirements.
- Allocate ample resources and budget for cyber security initiatives.
- Prioritise investments based on risk assessments and specific organisational needs.
- Establish key cyber security performance metrics for regular board reporting.
- Review and analyse reports to track the effectiveness of security measures.
- Assess the need for cyber insurance and review policy coverage.
- Understand the terms and conditions for comprehensive protection.
- Consider adding cyber security expertise to the board through hiring or advisory roles.
- Ensure board members have a baseline understanding of cyber security principles.
- Regularly review and update cyber security policies and procedures.
- Stay informed about emerging threats and technology trends.
- Conduct regular cyber security audits to assess security control effectiveness.
- Use audit findings to drive continuous improvement in the organisation’s cyber security posture.
Tesserent’s new initiative comes soon after the release of the 2023–2030 Australian Cyber Security Strategy, which outlines the government’s plan to make Australia the most cyber secure nation in the world by 2030.
Tesserent said the strategy “specifically addresses the need to scale our cyber security maturity and resilience to meet the challenges of the next decade and beyond”.
“Company directors and other senior leaders are at the forefront of helping secure our nation against cyber crime,” it said.