Non-Executive Directors have a responsibility to understand cyber security risks and resilience in order to best protect the interests of their business, according to AXELOS Global Best Practice.
A new discussion paper from AXELOS calls for more training on cyber security risks and resilience for non-executive directors on company boards. ‘Mind the Information Gap: Non-Executive Directors and Professional Development’ identifies that non-executive directors on audit and risk committees are in a unique position to improve the resilience of their companies – but that many may not currently have access to the training and skills necessary to do so.
Nick Wilding, Head of Cyber Resilience Best Practice at AXELOS, said:
Some organizations can be complacent about the cyber risk, believing that ‘we’re not a target; we’re too small and don’t have anything of value to a hacker.’ The reality is that everyone in a business needs to be aware of cyber security risks and resilience strategies, but particularly those in senior roles. Companies need to ensure that their board members are able to learn about these issues. This is the best way to ensure that a company is as prepared as possible for any incident or attack.
The discussion paper recommends that companies introduce a professional development strategy for senior executives designed to address this lack of understanding of cyber security issues at board level. This will help board members build cyber security risks into their broader understanding of their organization’s ‘risk appetite’. It will also ensure that they have the capacity to understand and question audit, risk and compliance reports that are provided by the organization.
It also argues that, as a consequence of this better understanding, strong relationships will form between specific board members and key figures from the business – such as the CIO, CISO and Risk Director – ensuring that cyber security issues have a ‘champion’ at board level.
Find the full white paper here.