Cyber security is a board-level responsibility

03 June 2017

  • The WannaCry globally-coordinated ransomware attack on 12 May 2017 puts the spotlight on the need for a change in organisations’ thinking about cyber security;
  • The severity, nature and extent of cyber threats are so great that they can only really be addressed at Board level. Executive Boards need to immerse themselves in the cyber issue and allocate sufficient resources to identify cyber risks and ensure they are managed effectively: a Board’s accountability covers the way the organisation protects, detects, responds and recovers;
  • Boards have to lift their organisations to the appropriate level of cyber resilience: this means going above and beyond employee behavioural change programmes and IT departments’ technical measures.

Brussels, 15 May 2017 – Last Friday’s attack originated in poorly protected workstations, showing that training employees is necessary but no longer sufficient. Cyber threats are more potent than most executive Boards recognise. Companies do invest in security technology, only to discover all too soon that the technology is being persistently undermined by different attack methods.

Traditional information security methods are no longer enough to keep cybercriminals at bay. The severity, nature and extent of the threat have become so great that it should be addressed at executive Board level: here a strategic cyber threat model can be agreed – one that is based on a defence doctrine that takes the traditional ‘protect’ model one step further.

Shahryar Shaghaghi, Head of International BDO Cybersecurity: “Ransomware presents a growing threat to every industry, but healthcare organisations are particularly vulnerable. Their digital transformation came late, and the simple reality is that many IT systems weren’t installed with cybersecurity in mind. Because many hospitals rely on end-of-life technology and may prioritise immediate data access over data security, cybercriminals have found their systems relatively easy to penetrate. Hospitals also don’t have the luxury of time: a ransomware infection that blocks access to critical medical data endangers patients’ health. In a scenario where patients’ lives are at stake, the only feasible option, paying the ransom or not, is an extremely tough dilemma.”

Ophir Zilbiger, a partner in BDO Israel’s Cybersecurity Centre adds: “In a secure environment, executive Boards allocate resources and provide management with the tools to identify cyber risks and apply appropriate mitigation. Cyber-responsible Boards do not just check policy but also oversee and verify the implementation of cybersecurity measures to ensure their effectiveness.”

At BDO, our global cyber security leadership group offers several proprietary models for supporting organisations in developing and improving their resilience posture. From establishing compliance and building a proactive approach, through the ongoing development of capabilities and effective security risk management, we work with our clients to quickly attain higher levels of maturity and resilience.