Cybersecurity is emerging as a key issue during the pandemic, with a host of reports and organisations moving to stress its importance to boards.
The World Economic Forum (WEF) throws a spotlight on cybersecurity and the role of boards while fresh UK government statistics show three-quarters of business say the issues is a “high priority”. Elsewhere, the UK’s most senior cybercrime-fighter has offered a fresh warning in a speech, saying the issue should be as important to chief executives as finance.
Though issued separately, the reports and statements serve to emphasise the growing importance of cybersecurity and its place high on boardroom agendas.
Daniel Dobrygowski, head of governance at the World Economic Forum, hammered the point home while commenting on the launch of the WEF’s boardroom guide to cyber risk.
“Cybersecurity is not just a technology problem; it is an economic and strategy issue crucial for boards to address given the current environment.”
The WEF’s guide offers six principles for boards to follow when addressing cybersecurity issues and comes after an expert team was commissioned to answer why boardroom responses to the danger have been “fragmented”, with the risk “not fully understood”.
“Without a principled foundation for understanding and governing cyber risk at the board level, risk responses have been piecemeal and security gaps have risen.”
The WEF principles include the alignment of cyber-risk management with business needs and a recognition that cybersecurity should be incorporated into board governance.
Increased cybersecurity risk
That chimes with views from Lindy Cameron, chief executive of the UK’s National Cyber Security Centre, who in her first speech since taking over leadership of the agency reveals concerns that cybersecurity fails to gain the focus it requires and is still to be fully integrated into discussion among board members. She adds boardrooms cannot use the pace of tech development as an excuse: digital literacy is as “non-negotiable” as financial or legal literacy, she says.
“Our CEOs should be as close to their CISO—their chief information security officer—as their finance director or their general counsel,” she says.
Fresh government statistics for cybersecurity breaches are a reminder why Cameron has a case.
Four out of ten (39%) businesses have experienced report a breach in the last 12 months. That’s down on last year’s 46% but the figures rise steeply to 65% of medium businesses and 64% of large businesses.
The coronavirus has had an effect. The report says evidence from the most recent study “suggests that the risk level is potentially higher than ever under Covid-19 and that business are finding is harder to administer cybersecurity measures during the pandemic.”
The report says fewer businesses are using security or user monitoring tools suggesting businesses are “simply less aware than before of the breaches and attacks their staff are facing”. And that at a time when the pandemic has forced a radical change in ways of working making it harder to maintain security levels.
When Board Agenda, in partnership with Mazars, last polled business leaders about their risk knowledge, they revealed worryingly low levels of insight about climate change and cybersecurity. The current reports suggest it may time to fill that knowledge deficit.