Audit committees have a critical role to play in ensuring that their organisations have robust cyber security defences – not in understanding the minutiae of the technology involved, but in leading governance and policy. UK Government Communications Headquarters director Sir Iain Lobban has been quoted as saying that business secrets are being stolen on an ‘industrial scale’ with 70 sophisticated cyber espionage operations a month against government and industry networks. Clearly, this is not an issue where a ‘wait-and-see’ approach is viable.
This means being able to answer questions such as:
- What are the key assets requiring protection?
- How are they being protected?
- Who is responsible for protecting them?
- What level of cyber security risk is considered acceptable?
- How would the organisation respond to a major cyber security incident?
If the answers to these questions are not at your fingertips, you are not alone. However, the expectations of audit committees in terms of cyber security are growing.
Download Cyber Security for audit committees - An introduction