• Home
  • About
  • Board Services
    • Board Establishment
    • Board Evaluation
    • Board Appointment
    • Board Dispute Resolution
  • News And Insights
  • Contact
Board Dynamics Board Dynamics Board Dynamics

NZ Herald: Where cybersecurity and the boardroom intersect

Home » NZ Herald: Where cybersecurity and the boardroom intersect
By Henri Eliot
Posted August 25, 2014
In Insights, News
  0
nzherald.co.nz

Henri Eliot: Where cybersecurity and the boardroom intersect

9:30 AM Monday Aug 25, 2014

Photo / Thinkstock

Cyber security is a significant risk that can have a material impact. Boards should proactively ask questions of management, champion education and awareness programs company-wide, and treat risk as a priority. As Cyber security issues increase and become more visible, boards may decide to take an active role in understanding the risks associated with those issues.

What are the key issues to consider?

Cyber security is among the most complex and rapidly evolving issues with which companies must contend. Reports of major breaches of proprietary information and damage to organisational IT infrastructure have become increasingly common in recent years, and developments in mobile technology, cloud computing, and social media continue to alter the IT risk landscape.

At least six US retailers in January were under a massive cyber attack, which employed the same software used in 2013 to steal credit-card data from some 40 million Target Inc. customers.

Such attacks can negatively affect market positioning if the public’s confidence in the security of information and access to services is shaken. The CEO of Target subsequently resigned following the cyber attack.

What are the most common types of cyber attacks?

There are numerous categories of cyber attacks including financial fraud, information theft or misuse, activist causes, attempts to render computer systems inoperable, and efforts to disrupt the critical infrastructure of government and its vital services. The perpetrators of cyber attacks can range from individuals or small-scale operations such as insiders, suppliers, and activists, to large-scale efforts perpetrated by criminal networks and foreign governments. Common modes of attack include the introduction of malicious software such as trojans, worms, viruses, and spyware; password phishing; and denial-of-service attacks intended to crash websites.

Each type of attack presents unique challenges and requires a targeted set of prevention activities, not all of which are related to technology.

How should boards respond to cyber security issues?

International and New Zealand Boards are devoting increased attention and resources to responding to cyber security issues.

Whether or not there is a dedicated risk committee on the board, it is important to confirm that there are directors with security, IT governance, and cyber risk knowledge and skills. Given the audit committee’s responsibility for risk oversight, it can be advantageous to recruit committee members with cyber security experience so that informed decisions can be made about the sufficiency of the efforts overseen.

A comprehensive cyber security plan requires the appropriate culture and tone at the top, which includes an awareness of the importance of security that extends from the C-suite to the professionals in each function, since breaches can occur at any level and in any department.

The CEO should make it clear that cyber security is a major corporate priority, and should communicate that he or she is fully on board with enforcing compliance with policies and supports efforts to strengthen infrastructure and combat threats.

As recently as five years ago, it was rare for boards of directors to be closely involved in managing cyber security risks, but rapid advancements in technology, coupled with a corresponding increase in the sophistication of cyber criminals and cyber legislation, have made it essential for the board and audit committee to be informed and proactive. New technologies continue to shape the physical and virtual borders of organisations, and organisations must frequently review and quickly adapt policies to address emerging issues.

Cyber security specialists are developing increasingly sophisticated approaches for preventing, detecting, and responding to security breaches, but no single solution can address all the evolving challenges associated with cyber threats. It remains important to apply prudent and adaptable controls to respond to changes in the threat landscape, and to have strong response and resiliency plans in place in the event of an attack.

It is more important than ever that the board and management communicate clearly and effectively on the impact of technology on the business. Many directors, however, are still learning how these sweeping IT trends intersect with their role in the boardroom.

– NZ Herald

Copyright ©2014, APN New Zealand Limited
Tags: cyber security, Governance
Henri Eliot
Henri Eliot
Henri is a regular contributor to the NZ Herald, National Business Review, Idealog magazine and other publications.
Categories
  • Articles
  • Business
  • Insights
  • Interviews
  • Lunch in the Boardroom
  • News
  • Uncategorized
  • Videos
Topics & Interviews
Air New Zealand Amal Johnson Andrew Ferrier Author-IT Board Dynamics Boardroom Boards Board Strategy Boris Groysberg Chairman corporate governance Fonterra Governance Greenbutton Harvard University Helen Anderson Helen Robinson Henri Eliot Interview Joanna Perry Joan Withers Jo Brosnahan John Palmer Julien Leys KiwiSaver Leadership New Zealand Mark Canepa Mark Verbiest Might River Power NBR non-profit NZIER PPNZ Recorded Music NZ RIANZ Rob Campbell Sam Knowles Sandy Maier Shamubeel Eaqub Sunday Star Times Telecom Teresa Gattung The Network for Learning Tony Carter Xero
Recent Posts
  • Stuff: Vodafone boss Jason Paris on why it’s important to only throw one ball at a time
  • Leaders Who Care® Video Series with Henri Eliot
  • Stuff: Leadership in extraordinary times Q&A: Noel Leeming Group CEO Tim Edwards
  • Henri Eliot: Climate Risk in the Boardroom Q&A with Rob Campbell
  • Behind the Desk Series on Stuff.co.nz
Archives
  • August 2020
  • July 2020
  • November 2019
  • June 2019
  • June 2018
  • April 2018
  • February 2018
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • April 2016
  • March 2016
  • February 2016
  • December 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
Board Dynamics
  • Home
  • About
  • Board Services
    • Board Establishment
    • Board Evaluation
    • Board Appointment
    • Board Dispute Resolution
  • News And Insights
  • Contact
  • Board Dynamics
    55 Shortland Street, Level 9
    Auckland 1010
  • hello@boarddynamics.nz
COPYRIGHT © 2020 - Board Dynamics - ALL RIGHTS RESERVED

Start typing and press Enter to search

Henri Eliot discusses with Mark Sadovnick Leadership and more! (LA California Interview)
NZ Herald: Social Enterprise Guide: Governance