Cyber and Corporate Governance

“…Patch and Pray will not be enough…getting the basics of Cyber Security right is a Board level Governance responsibility”
Director GCHQ

Until you’ve lost your reputation, you never realise what an asset it was
Margaret Mitchell

ECA: acknowledged experts in helping C-Suites get to grips with the governance and corporate responsibilities involved in creating 21st century cyber-resilience.

It goes without saying that it is the board’s responsibility to set corporate culture and manage risk oversight, yet many senior executives are still failing to understand the level of international cyber threat to their organizations. Cyber-crime costs the UK economy hundreds of millions a year, with 19 British people falling victim every 60 seconds. A successful cyber-attack costs the average corporate millions (where they can actually quantify the value and the damage of the attack, e.g. the experience of the RSA Corporation).

“The greatest single risk to security is the general lack of conviction that any substantial threat exists.”
Radcliffe report

It is far better to operate a strategy of Predict and Prevent than to continue the standard approach of waiting for Failure and then Fixing it.

The IoD states: “Setting risk tolerances requires a company to consider, in quantitative terms, exactly how much of its capital and reputation it is willing to put at risk… Regulators, shareholders and the public will not tolerate any repetition of the sins of the past, and their focus is squarely on business leaders.”

Given that the greatest ‘clear and present danger’ is from cyber and data-related theft and attack, both external and internal, it becomes imperative that board executives realise the level of personal accountability for corporate failure of governance.
