
Board Members' Guide to Cybersecurity

Boards face frequent cyberattacks. Large data breaches and public disruptions put such crimes in the headlines. As a company director or senior executive, you must recognise that cybersecurity is the responsibility of the entire board, not just a tech-savvy non-executive or the risk committee.

In recent years, cybercriminals have attacked massive networks to demand ransom.

Major cyberattacks

In May 2021, Ireland's Health Service Executive (HSE) and Department of Health were attacked. The gang behind the attack, which used ransomware to encrypt massive patient files, appears to have been financially motivated. The group reportedly demanded $20 million to reverse the attack and return the data. The Irish government refused to pay the ransom.

The attack shut down all HSE IT systems, causing confusion in hospitals and several outpatient cancellations.

The Irish public would pay "tens of millions" to repair the network system, according to HSE director general Paul Reid.

In May 2021, a ransomware attack on a key fuel pipeline shut it down for five days, tightening the US supply. States declared emergencies as gas prices increased.

Colonial Pipeline paid DarkSide about $5m to stop the attack.

President Biden signed an executive order to strengthen US cyber defences after the crime and its widespread disruption.

Cyberattacks will rise in volume and sophistication in the digital age. Directors and boards should prioritise cybersecurity risk management.

The board is accountable for cybersecurity.

Boards risk cyberattacks

Cybersecurity incidents affect the entire organisation, not just IT.

An attack may impact sales, consumer loyalty, brand, contractual relationships, legal and regulatory actions, and data breaches.

For a cybersecurity strategy to work, the board must be knowledgeable and accountable.

Each board member must know how cybersecurity affects their area and the organisation as a whole.

What is Cybersecurity?

Cybersecurity protects devices, services, networks, and data from theft or harm.

Board members should understand cybersecurity well enough to converse with IT security specialists and ask relevant questions.

Boards must manage risks

Cybersecurity is risk management.

Cybersecurity should be managed like any other hazard. It requires three steps:

  • Obtain the data you need to assess risk.
  • Prioritise risks using this information.
  • Manage these risks.

Directors must recognise that multi-layered cybersecurity defences involve technology, personnel education, and good policies.

Our Directors’ Institute - World Council of Directors can help you accelerate your board journey by training you to carry out your roles and responsibilities efficiently, helping you make a significant contribution to the board and raise corporate governance standards within the organisation.

Our ESG Expert certification will help you deepen your understanding of corporate governance in detail, paving the way for you to become a globally recognised ESG leader.
