When was the last time you had the topic of cyber security on the agenda of the board of directors?
Cyberattacks have now made it into the top 10 business risks. Not a week goes by without reports of another successful ransomware attack on a Swiss company. According to the law, the board of directors is responsible for risk management within a company. The design of risk management and the corresponding monitoring are among its fundamental duties.
Although ransomware is one of the biggest risks for companies, the topic of IT security is still not on the agenda of many boards of directors.
In recent times, medium-sized companies have carried out initial security checks and improvements. But in most cases, these were only selective reviews. The vast majority of companies still lack a holistic view of their threat situation and of the security level of their IT landscape. Individual checks are helpful for increasing security selectively. However, this is not enough to properly assess the risks and adequately protect against cyberattacks.
What role should the board of directors play?
The board of directors does not create the security strategy and in most cases does not have a great deal of security know-how. Nevertheless, it is up to the board of directors to demand transparency from the management regarding the threat situation and the security level of their own company. The board of directors needs a 360° view of the cyber threats and the resulting risks for its organization. Only in this way can it fulfil its task and prioritize the corresponding fields of action appropriately.
5 questions the board should ask:
- What critical assets and business processes do we have and how are they protected?
- What is the security level of our IT landscape and what are the biggest cyber threats we face?
- Which external companies and services do we depend on and how are they protected against cyberattacks?
- How quickly do we recognise that an attacker is in our network?
- Have we defined the procedures for a security incident, do we know who is responsible, and how is communication handled internally and externally?
How can Asecus support?
Asecus has been successfully supporting Swiss companies in protecting themselves against cyberattacks since 1997. We serve over 160 active customers from various sectors such as insurance companies, hospitals, banks, industry, energy, retail & wholesale, public administration and the service sector.
Our interdisciplinary team with extensive security expertise in on-premises, cloud and hybrid environments makes us the ideal sparring partner and security advisor in today’s networked and complex world. In order to gain valuable insights into the current threat situation in a short time, we recommend our Ransomware Readiness Check. This check provides companies with an overview of the protection level of their various systems by means of network diagrams and identifies corresponding gaps at a glance.