Why Boards Need to Rethink Their Approach to Cybersecurity: Insights from Cybersecurity Experts

03-05-2023 Cyber Security

In today’s world, cybersecurity is a critical concern for all businesses, big or small. Cybersecurity risks have evolved significantly over the years, and organisations must equip themselves with the knowledge and skills to protect themselves against cyber-attacks.

As a leading IT training provider, Netcom Training offers fully funded courses in cybersecurity to help businesses enhance their cybersecurity posture. Our courses are designed to equip individuals with the skills and knowledge they need to identify and respond to cyber threats.


Boards That Struggle with Cybersecurity Oversight

Despite the increasing awareness of cyber risks, most board members are not fully prepared to deal with a targeted cyber-attack. In a recent survey reported by Harvard Business Review, only 69% of responding board members said they see eye-to-eye with their chief information security officers (CISOs), and fewer than half (47%) interact with their CISOs regularly. This communication gap between board members and CISOs is hindering progress in cybersecurity.

Furthermore, many boards focus on protection when the goal should be resilience. Boards must assume that a cyberattack will occur and prepare the organisation to respond and recover with minimal damage, cost, and reputational impact.


Board interactions with the CISO are lacking.

According to a survey conducted by the cybersecurity consulting firm NCC Group, many boards lack a meaningful dialogue with their Chief Information Security Officers (CISOs). Only 47% of respondents sit on boards that interact with their CISOs regularly, and almost a third only see their CISO at board presentations. Directors and security leaders therefore spend far too little time together to have a meaningful dialogue about cybersecurity priorities and strategies, and this board-CISO misalignment hinders progress in cybersecurity.

To build a strategic partnership with the CISO, directors should engage with the CISO between board meetings, not only during them. That ongoing contact lets directors ask better questions and understand the answers they receive, which leaves the board better equipped to provide oversight of cybersecurity, a critical part of an organisation's resilience to cyberattacks.


Boards focus on protection when they need to focus on resilience.

While the perceived risk of cyberattacks is high, boards are not investing in the areas that would prepare their organisations for resilience. The survey found that 76% of board members believe they have made adequate investments in cyber protection, and 87% expect their cybersecurity budgets to grow in the next 12 months.

The conversation needs to shift to resilience. Organisations must assume, for planning purposes, that they will experience a cyberattack of some type and prepare to respond and recover with minimal damage, cost, and reputational impact. Rather than a board meeting discussing in general terms how the organisation is set up to respond to an incident, the discussion should identify the biggest risk the organisation faces and establish how it is prepared to recover quickly from the damage should that situation occur.

Directors may shy away from asking difficult questions because they feel they are not knowledgeable enough about technical concepts to articulate the question properly, or even to understand the answer.

Boards should ask questions such as:

“What is the technical risk to our business from potential cybersecurity incidents?”

“What are we doing to limit the damage if that risk is realised?”

“What is the organisational risk from potential cyber incidents and what are we doing to quickly recover from the consequences?”

“What is the supply chain risk from potential cybersecurity incidents and what are we doing about it so we do not lose a day of production?”

Boards should include members with cybersecurity expertise, who can provide the insight and guidance needed for better oversight of cybersecurity. Boards should also ensure that cybersecurity is a top priority in the organisation's strategy.


How Netcom Training Can Help Organisations with Fresh Pools of Talent

As cyber threats continue to evolve, it is essential for businesses to invest in cybersecurity training to protect themselves from attacks. Netcom Training offers fully funded courses in cybersecurity that equip individuals with the skills and knowledge they need to identify and respond to cyber threats.

Netcom Training also offers a FREE recruitment service that connects organisations with fresh pools of talent from our latest cohort of cybersecurity professionals. We understand the importance of having skilled and knowledgeable professionals to protect businesses from cyber-attacks, and our recruitment service helps organisations find individuals with the right skills and experience to defend against cyber threats.

Get in touch with our Recruitment team today.
