Successful cyber-resilience programmes rely on executive sponsorship

It is highly recommended that board members receive an expert briefing on cyber resilience, and that new board members are inducted properly, says Kabir Singh, Senior Manager Advisory Services, ContinuitySA.

Business is now almost entirely dependent on digital platforms, and cannot function if its ICT systems are impacted or attacked. So, to build a resilient business, cyber resilience needs special attention, especially from executives.

"If the lead does not come from the top, then all your best efforts will not bear fruit - and this one is too important not to get right," argues Kabir Singh, Senior Manager Advisory Services, ContinuitySA.

"It's important to differentiate between cyber resilience and cyber security," he continues. The latter essentially relates to the technology that helps to prevent intrusion, and would include password and identity management, firewalls, encryption and so on. But cyber security is not sufficient. Security technology simply cannot keep pace with cybercrime, so it is important that the organisation does not only identify cyber risk, but is able to detect cyber attacks and respond to them.

In the same way, business continuity is now being seen within the wider context of business resilience. The fast-moving nature of the threats means that identifying risks and preparing only for them is not enough.

As with business resilience, cyber resilience requires strong leadership by the board and the executive team. In the end, it is the product of a cultural shift within the organisation, and culture within countries and organisations is inevitably a reflection of the behaviour of leaders. So while promoting the principles of cyber resilience to employees is critical, they will only take root if the leaders show the way.

To this end, the board must assume oversight responsibility for cyber risk and resilience, possibly delegating this responsibility to a committee - either the risk committee or, in the case of a mature organisation, a dedicated cyber-resilience committee.

The board needs to ensure that management integrates cyber resilience and cyber risk assessment into overall business strategy and into enterprise-wide risk management, as well as budgeting and resource allocation.

In addition, the board can appoint an accountable officer for reporting on the organisation's capability to manage cyber resilience and progress in implementing cyber resilience goals. The board ensures that this officer has regular board access, sufficient authority, command of the subject matter, experience and resources to fulfil these duties. It requires the officer in charge to monitor performance and to report back to it regularly.

As part of its annual risk management cycle, the board needs to review the organisation's appetite for cyber risk, taking into account the relevant regulatory requirements and industry benchmarks.

Feedback from boards is that ICT governance remains challenging for them. In the light of this, it is highly recommended that board members receive an expert briefing on cyber resilience, and that new board members are inducted properly. Regular trend updates are also mandatory.

Finally, in order to initiate a virtuous cycle, an annual, independent cyber-resilience review should be undertaken, concludes Singh.

ContinuitySA

ContinuitySA is Africa's leading provider of business continuity management services to public and private organisations. Delivered by highly skilled experts, its fully managed services include ICT resilience, enterprise risk management, work area recovery and BCM advisory - all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, ContinuitySA provides peace of mind for all stakeholders.

ContinuitySA operates the continent's biggest network of recovery centres, with more than 20 000m² of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley and Somerset West), in KwaZulu-Natal (Mount Edgecombe) as well as in Botswana, Mozambique, Kenya and Mauritius.

ContinuitySA is a Gold Partner of the Business Continuity Institute and the recipient of the BCI's 'Continuity and Resilience Provider' Award for the third consecutive year in 2016.

ContinuitySA. Its business is keeping you in business.

Additional information about ContinuitySA can be found at www.continuitysa.com. Network with ContinuitySA on Google+, LinkedIn, Twitter and Facebook.

Editorial contacts

Rebecca Warsop
Warstreet Marketing
(011) 807 9842
rebeccaw@warstreet.co.za