As the risk of a cyber security incident grows, along with the risk of significant harm to the business itself, cyber security is becoming a more critical issue. This should make it a matter for the board, yet many still consider cyber security to be primarily an IT responsibility.
This paper discusses:
- Why the regulatory environment, and the significant fines organisations can face for failing to comply, should naturally make cyber security and data protection board-level concerns;
- Why not taking an active interest in cyber security may constitute a breach of a director’s duties;
- How cyber security is at its most effective when taking a top-down approach; and
- How ISO 27001 and ISO 22301 can help directors and their organisations manage cyber security and resilience effectively.