Surprisingly, almost 40% of Australian businesses are not regularly testing and updating their risk and crisis plans, according to the Governance Institute of Australia’s 2020 Risk Management Survey. On top of that, only 11% are regularly running scenarios around risk events to test how the organisation and employees will respond.
What should boards consider when designing a resilient cyber security policy for the organisations they lead?
Since the start of the Covid-19 pandemic, cyberattack activity has been higher than ever, and companies need to focus on having an Information Security Policies and Procedures Plan. This gives employees, investors and the board clarity on how to handle information risks. It also ensures the organisation is following the best cyber security practices within the policy.
Board members can add value by having a process ready if and when a cyber breach happens. Scenario planning sessions can be used to iron out any issues that may occur. When there is a data breach or a cyber incident, do not panic. Involve us to contain the threat, detect the risk, recover the systems and remediate the breach. Some scenarios may be more obvious than others, which is why it’s key to have a professional at hand to detect the risks.
Embrace Technological Changes
Technological changes can be difficult to keep up with, and the Covid-19 pandemic has launched organisations a few years ahead in a short amount of time. The shift to remote work, the adoption of business technologies, and the move to digital channels serving a larger portion of customers have disrupted many organisations.
While opportunities can come from it, technology disruptions pose great risks to business growth. In addition, many organisations lack effective cyber-security defences and responses to cyber threats that are constantly evolving. Cyber defence is critical to protecting an organisation’s reputation and ability to grow.
Some board members can lack confidence and understanding of technological changes. To protect themselves, organisations should assess their systems and consider hiring external advisers who are able to bring a digital perspective to their policies.
Boards have a key role to play in bridging the gap between their internal positions and external perceptions. When an organisation has an Information Security Policies and Procedures Plan in place, it can react quickly to a data breach that may occur. Ideally, all employees have received diligent cyber security risk training and know what to do in possible scenarios. Having these policies and procedures also helps the board to communicate the organisation’s next steps to investors and customers, which is what they expect.