Companies are losing the cybercrime battle, according to new research suggesting much more needs to be done for organisations to reap the benefits of digitisation.
A report by TheCityUK claims that all companies battle cybercrime one way or another, but what is needed is an industry standard and a proper framework boards can follow.
Here are the questions the report says organisations should be able to answer:
1. Have relevant statutory and regulatory requirements like GDPR been met?
2. Have cyber exposures been quantified and financial resilience tested?
3. Is an improvement plan in place to bring exposures within the agreed risk appetite?
4. Do regular board discussions take place on concise, clear, actionable management information?
5. Are recently tested breach plans in place, which have been exercised at board-level?
6. Are the roles of key people clear and aligned to standard risk management methodologies?
7. Is there independent validation and assurance of the cyber risk governance programme, whether via testing, certification or insurance?
“Cyber security is now a major risk demanding board-level oversight as companies find themselves under siege from cyber-attacks,” said Marcus Scott, chief operating officer, TheCityUK.
“In fact, for many of our members it may well be the biggest single risk. As well as mitigating against external attacks, boards must be aware of supply chain threats which could penetrate a business through internal channels. These criminals are smart and persistent. The best form of defence is a collective, industry-wide approach. It’s essential for all boards to have robust governance systems in place to manage these risks.”