Boards failing to take cyber seriously

by Jordan Lynn 17 Jun 2017

Boards of directors are still not grasping the severity of cyber threats, new research has found.

A new cyber analysis from Control Risks has found that IT departments lack confidence in the ability of their boards to manage cyber security threats, as executives are not treating cyberattacks with the seriousness they require.

The research also found that 34% of organisations do not have a cyber crisis management plan in place even though 31% of businesses are very or extremely concerned that their organisation will suffer a cyberattack over the next year.

Carla Liedtke, director and cyber security lead at Control Risks, Australia Pacific, said that while the misalignment over treating cyber as a board-level, rather than IT-level, issue is not new, more needs to be done to change attitudes.

Liedtke advised that organisations struggling with their attitude toward cyber should be approached on a threat level, as starting with the threat of cyberattack and communicating this threat level effectively can help brokers protect clients.

“This assessment should include the specific cyber threats to the organisation, how they could affect the business and what controls might mitigate them,” Liedtke said. “After assessing the risks and understanding them, the organisation can then deal with these within its overall risk management strategy.”

While cyber threats are obviously part of any cyber insurance discussion, the lack of understanding at board level could also have an impact on D&O coverage for businesses, as executives can no longer rely on ignorance as protection from cyber-related claims.
