GCHQ Updates Security Guidance for Boards
The UK’s leading cybersecurity agency has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so.
GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organization.
Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas like financial and legal.
Read more on NCSC resources: NCSC Launches Two New Tools for Small Businesses.
The revised toolkit now includes:
- Information outlining the benefits of strong cybersecurity
- Essential activities for the organization to carry out and indicators of success
- New videos summarizing key concepts
- A podcast with leading industry voices
- Case studies on how the toolkit has helped organizations such as charity Water Aid to improve their security posture
- Real-world insight into what a ransomware looks like from a C-level perspective
“Cyber-incidents can have severe impacts on organizations of all sizes, both in the short and longer term, from causing reputational damage to grinding operations to a halt,” warned NCSC CEO, Lindy Cameron.
“I’d encourage all CEOs, board members and senior leaders to read through the toolkit and use it to drive forward the cybersecurity conversations needed to keep their organization secure online.”
The news was also welcomed by then US Cybersecurity and Infrastructure Security Agency (CISA). Its director, Jen Easterly, argued that boards need to evolve how they prioritize cybersecurity.
“Together, we need to catalyze a new model of sustainable cybersecurity that starts with a commitment at the board level to incentivize a culture of corporate cyber-responsibility in which managing cyber risk is treated as a fundamental matter of good governance,” she added.
“The global companies that reside in the US and the UK understand that cybersecurity is a borderless issue. This toolkit will be another valuable resource in helping them take accountability for cybersecurity decisions, ultimately raising the collective cybersecurity baseline for us all.”
However, research indicates that there is still some way to go before cybersecurity is fully understood by senior executives.
A recent Trend Micro study found that (51%) of business leaders believe cybersecurity is a necessary cost but not a revenue contributor, 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler.