SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Kiwi directors need to start talking about cyber security
Wed, 2nd Sep 2015
FYI, this story is more than a year old

Directors can often be a high value target for cyber criminals as they have access to privileged information, says the Institute of Directors, the New Zealand based membership organisation focusing on excellence in corporate governance.

On top of this, directors are often still unwilling to have conversations about the necessity of cyber security.

“Directors have access to large amounts of important and sensitive information. Sitting on multiple boards means more information and more organisations which could be compromised.

“More and more often, directors are viewed as a potential weak link in an organisation's defences and they become a target,” says Tom Walton, Network Box sales and marketing director.

According to Walton, cyber crime is the third biggest risk facing businesses globally, with a total market exposure from $500 million to $1 trillion.

In fact, Walton says cyber crime is now even surpassing drug trafficking as criminals work out they can easily make a lot of money, fast, whilst remaining removed from the event itself.

However, according to Walton, “Directors are still very reluctant to accept and take accountability for this growing business risk.

“Many think it doesn't apply to their organisation because they are too small a target, but in reality, cyber-attacks occur because of a lack of cyber preparedness and a weakness in defences.

He says, “There is disconnect between the rapidly growing threat from cyber-attacks and the approaches used by businesses to manage them. First and foremost you need to understand what you don't know.

“By having the conversation and putting plans and defences in place, when not if a cyber-threat does happen, damage is minimised and the business can recover quickly.

Walton says cyber governance best practice needs to be led from the boardroom and implemented into organisational culture.

Margaret Devlin, Institute of Directors Waikato branch chair, agrees cyber risk is enterprise wide.

“We're living in an era where technology is an integral part of our daily lives, and directors need to consider the strategic opportunities this presents.

The Institute of Directors last month launched a new course and practical guide to support directors.

The new course, Leading in a Digital Era, focuses on the leadership role boards need to play in being successful in the current business environment, while the Cyber-Risk Practice Guide offers five principles to help boards understand and monitor cyber-risk.

Walton will share some of this knowledge and his views on who should be accountable, along with suggestions for cyber governance best practices, at the Waikato Institute of Directors cyber-security workshop today.