Publish Date
25/01/2024
Categories
Blogs Hot Topic
The UK government has unveiled a groundbreaking draft Code of Practice on cybersecurity governance aimed squarely at directors and senior business leaders. The draft seeks to elevate cybersecurity to the same standing as financial and legal risk within organisations, offering a concise yet comprehensive framework for safeguarding digital assets and managing cyber risk effectively.
The code's risk management section underlines the significance of robust risk management, urging organisations to identify, prioritise and regularly assess the digital processes, information and services that are essential to business continuity and success. Cybersecurity risk must be integrated into broader enterprise risk management, with ownership extending beyond the CISO. The cyber risk information required from suppliers should be proportionate to the level of risk they present to the organisation.
The code emphasises the need to monitor and adapt the cyber resilience strategy in line with the organisation's accepted level of cyber risk, its business strategy and its legal obligations. Adequate resources should be allocated to develop cybersecurity capabilities that counter evolving threats while remaining flexible and adaptable.
Fostering a culture of cyber resilience is critical. Senior leaders should sponsor communications emphasising its importance within the business strategy. Establishing clear cybersecurity policies that promote a positive culture and aligning the organisation’s culture with the cyber resilience strategy is essential. Individuals must take responsibility for cyber literacy and secure data handling practices, supported by an effective training and awareness programme.
Being prepared for cyber incidents is paramount. Organisations should have well-defined plans for responding to and recovering from incidents affecting critical processes, technology and services. Those plans should be tested regularly, involving both internal and external stakeholders, and lessons should be drawn from testing and from incidents at other organisations. During an incident, named individuals should own regulatory obligations, support to the executive team and external communications. Post-incident reviews must be conducted to improve future response and recovery plans.
The code advocates a governance structure that fits the organisation's existing framework, including defined roles and responsibilities for directors in managing cyber resilience. Boards should monitor regularly, maintain an ongoing dialogue with senior executives, and establish formal reporting, at least quarterly, that is aligned with business objectives. The cyber resilience strategy should be integrated into existing assurance mechanisms so that the board obtains internal assurance over it.
In the United States, the Securities and Exchange Commission (SEC) adopted rules in 2023 requiring publicly listed companies to describe the board of directors' oversight of risks from cybersecurity threats. This underscores the growing global recognition that cybersecurity belongs in corporate governance.
In conclusion, the UK government's draft Code of Practice on Cybersecurity Governance for Senior Business Leaders places clear emphasis on senior leaders treating cybersecurity with the same gravity as financial and legal risk. By prioritising risk management, maintaining an adaptable cyber strategy, promoting a culture of cyber resilience, preparing for incidents and ensuring robust assurance mechanisms, organisations are better equipped to safeguard their digital assets in an ever-evolving threat landscape. With this code, businesses can address today's cyber risks proactively, supporting their continued success and resilience while aligning cybersecurity with core business objectives.
Publish Date
23/01/2024
Categories
Blogs
On a regular workday we can receive hundreds of emails, and it can be difficult to tell which are legitimate and which are malicious, especially when our schedules are full.
An anti-virus or anti-phishing solution is of course essential in business these days; a ransomware attack can cost thousands per day. But no filter stops every malicious message from reaching an inbox, which is why your first line of defence against cyber attacks is your employees.
The psychology behind these threats is unsettling. Attackers know that a well-crafted email, apparently from a trusted 'HR/IT/Manager' sender, can trigger an automatic, almost reflexive response, particularly when 'urgent' appears in the subject line. Widely cited industry figures put the share of security breaches that involve an employee error at more than 90%. Whether it is forgetting to check the sender's email domain, downloading an unverified attachment or opening a URL from an external source, it is hard to remember to double-check in the moment. So how can we change our ingrained email habits to become more secure?
The answer lies in awareness built through regular, interactive training. Addressing cyber threats effectively requires a shift in behaviour, so relying solely on an annual presentation is rarely enough. Interactive training such as KnowBe4 engages you and your team in recognising and responding to cyber threats. Through a library of content including modules, videos, newsletters and games, you can build a stronger security culture within your business, and regular reminder emails keep the lessons fresh. The best part? With KnowBe4 you can run simulated, personalised phishing campaigns against your employees' inboxes and measure the results.
Safeguarding against cyber threats is as much about building a resilient culture as it is about using the right tools. Encouraging a mindset where caution comes before curiosity can make all the difference.
If you are in a leadership position such as Owner, CTO, CFO or IT manager and believe in empowering your team, consider exploring interactive platforms such as KnowBe4 to change your employees' email habits. Look for solutions known for their effectiveness that do not disrupt the flow of your operations. At Cobweb, we are known for helping businesses start or continue their cyber security journey. With a multitude of solutions (KnowBe4 being just one), we tailor our approach to your organisation so that together we can meet your unique security goals. For more advice or information, get in touch with one of our experts.