Counter measures

by Gavin Hinks on August 10, 2015

Brussels is edging closer to new information security regulations.

Photo: © European Parliament - Audiovisual Unit

New cyber-security regulation will force key companies to adopt risk-management practices and report major security breaches to the authorities, according to the European Commission.

The Network and Information Security Directive, though proposed in 2013, is in the final stages of approval in Brussels between the European parliament and council.

The directive will affect companies in the energy, transport, banking and health sectors. Internet service providers could be included too, but the extent to which they will be affected remains unclear.

The UK’s department for business estimated in 2014 that 80% of large companies have suffered some kind of breach in information security.

Though the European directive is yet to be finalised, Whitehall has already published a ten-step guide to improve cyber-security.

The guide was updated in January this year to include a paper on what a cyber-attack looks like and how such attacks are typically executed.

In a statement the government said: “We believe understanding the cyber environment and adopting the 10 Steps are effective means in protecting your organisation from these attacks.”

It adds: “Assess the risks to your organisation’s information assets with the same vigour as you would for legal, regulatory, financial or operational risk.

“To achieve this, embed an information risk management regime across your organisation, supported by the board, senior managers and an empowered information assurance (IA) structure.

“Consider communicating your risk management policy across your organisation to ensure that employees, contractors and suppliers are aware of your organisation’s risk management boundaries.”

The government says cyber-security is a “critical” board-level responsibility, and that attacks could “impact” share value, mergers, pricing, reputation, culture, staff, information process control, brand, finance and technology.

It suggests these questions for boards:

  • Have you identified key information assets and thoroughly assessed their vulnerability to attack?
  • Has responsibility for the cyber-risk been allocated appropriately? Is it on the risk register?
  • Do you have a written information-security policy in place, which is championed by the board and supported through regular staff training? Are you confident the entire workforce understands and follows it?

Brussels

Brussels’ security directive demands greater cooperation between EU states and creates a mechanism for an early warning system to share intelligence on cyber-attacks.

But it also places a responsibility on companies in the key infrastructure sectors. The directive demands they put in place risk-management systems, and report attacks to authorities.

Once the reports are received, national authorities may then choose to go public with the news, depending on the significance of the attack.

This will hinge on the number of users affected, whether the attack went on for long and its geographical spread.

Writing for ComputerActive magazine, William Long, a partner at law firm Sidley Austin, says that national authorities will have the power to investigate non-compliance with the directive, which could include imposing a security audit.

He adds: “The NIS Directive will also require many businesses to apply procedures that will demonstrate effective use of security policies and measures.

“Failure to do so may result not only in loss of customer trust and damage to reputation, but also breach European data protection and information security requirements and enforcement actions.”
