Cyber Risk in the Boardroom

We live in a world where digital and cyber threats are as real as physical ones. As board members and non-executive directors, we’re the guardians of our organisation’s reputation, assets, and integrity. And in today’s digital age, that means being the guardians of our cybersecurity posture as well.

You might think that things are improving. After all, the average time it takes hackers to be discovered has dropped from nine days to six. But don’t be fooled. This isn’t a victory lap. It’s more like a red flag.

Cybercriminals are getting faster, smarter, and more ruthless. Fuelled by artificial intelligence, they can now infiltrate our systems with lightning speed and wreak havoc before we even know they’re there. It’s like playing cat and mouse, except the mouse is armed with a digital weapon.

The traditional approach to cybersecurity – reacting to attacks after they happen – is no longer enough. We need to move from firefighting to prevention. Every second counts. The goal? To reduce the time between a cyberattack and its detection to seconds or minutes, not days.

Having worked in and around cyber risk since the late 1990s, primarily during my time at EY, I’ve seen the evolution of threats firsthand. It’s disheartening to see many boards still grappling with the fundamentals of cybersecurity. The reality is, cyber risk is an existential threat to organisations of all sizes. I’ve helped numerous organisations conduct in-depth cyber risk assessments, developing strategies to protect their most critical assets. It’s clear that a proactive, board-led approach to cybersecurity is essential for survival in today’s digital landscape. Every board needs to grasp the gravity of this challenge and take decisive action.

So, what can we do? As board members, we need to be deeply involved in cybersecurity. We need to build strong relationships with our information security teams, asking tough questions and demanding proactive strategies. Regular audits, continuous improvement, and investments in cutting-edge technology are essential. And let’s not forget about the human element – everyone in the organisation, from the boardroom to the mailroom, needs to be cyber-aware.

The stakes are high. A single cyberattack can cripple a business. But with the right leadership and a proactive approach, we can turn the tables on the cybercriminals. It’s time to make cybersecurity a boardroom priority. The future of our organisation depends on it.

What are your thoughts on this new approach? Do you have any specific areas you’d like to focus on?

Want to know more about how I can help? Reach me on LinkedIn or contact me today for a no-obligation discussion.
