Audit committees have a critical role to play in ensuring that their organisations have robust cyber security defences – not in understanding the minutiae of the technology involved, but in leading governance and policy.
PDF files require Adobe Reader to view
This means being able to answer questions such as:
- What are the key assets requiring protection?
- How are they being protected?
- Who is responsible for protecting them?
- What level of cyber security risk is considered acceptable?
- How would the organisation respond to a major cyber security incident?
Cyber threats should be considered as part of the company’s risk management process, and the audit committee should test whether the company has the right cyber security capabilities.