Naomi Korn Associates

Are You a Board Member? Then You Should Be Thinking About Cyber Risks — Now 

Dobson; Chollerton Church, Northumberland; Woodhorn Museum & Northumberland Archives; http://www.artuk.org/artworks/chollerton-church-northumberland-56414

By Jess Pembroke, Director of Information Law Services

“This is effective risk management, and any business leader who thinks they may be exempt from gripping cyber risks should think again.”[1]
— Richard Horne, CEO, National Cyber Security Centre

The news over the last month has been full of various cyber-attacks[2], some of which will have significant consequences for those whose personal data has been exposed.[3]

Attackers are increasingly exploiting the less visible but critical parts of supply chains and infrastructure. These threats are persistent, evolving, and often devastating. The question is not if your organisation will be targeted, but when.

Key Takeaways for Board Members

The ICO has also recently looked at five leading causes of cyber security breaches, which are:

What You Can Do Today

The National Cyber Security Centre (NCSC) has developed a Cyber Governance Training program specifically for boards. This training includes five essential modules:

  1. Risk Management – Understand your organisation’s cyber risk landscape.
  2. Strategy – Align cyber security with your business objectives.
  3. People – Foster a culture of security awareness and accountability.
  4. Incident Planning, Response & Recovery – Be prepared to respond effectively when incidents occur.
  5. Assurance – Ensure your controls are working as intended.

You can access the training here: Cyber Governance Training – NCSC.GOV.UK

There is also a free e-learning course for staff at any level in the organisation here: https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v3/scormcontent/index.html#/  

Did you know we can deliver training in house to your organisation? Is your organisation prepared to manage data security risks and respond effectively to breaches?

Our CPD-accredited, half-day intermediate course Information Security & Data Breach Management explores the relationship between data protection legislation and information security. You’ll learn how the UK GDPR and Data Protection Act 2018 underpin security obligations, discover key technical terms and measures, and understand how to respond to data breaches, including reporting obligations to the ICO.

Through practical insights, this course helps you develop effective breach response strategies, understand security principles, and build organisational awareness of data protection risks.

For more information and to get in touch, please click here: https://naomikorn.com/services/in-house-training/


[1] https://www.ncsc.gov.uk/blog-post/cyber-threat-behind-the-headlines

[2] North Face and Cartier hit by cyber attacks – BBC News and M&S hackers sent abuse and ransom demand directly to CEO – BBC News

[3] ‘Significant amount’ of private data stolen in Legal Aid hack – BBC News

[4] https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/05/organisations-must-do-more-to-combat-the-growing-threat-of-cyber-attacks/

