
Cyber Security in Boardrooms

Safeguarding the Future with Cyber Governance

In today's digital age, the frequency and sophistication of cyber threats are escalating, making cybersecurity a critical component of corporate governance. Digital technologies and the internet have been continuously transforming the way governments, businesses, and individuals manage their activities. Every organisation today is vulnerable to cyber threats and attacks in hundreds, and perhaps thousands, of ways. The impact of cyber incidents extends far beyond IT, leading to financial losses, damage to reputation, legal liabilities, and regulatory penalties, while eroding customer trust and harming long-term relationships and brand loyalty. Thus, board directors must oversee cyber preparedness with the same diligence they apply to other business risks.

Directors must ensure that cyber risk management becomes an integral part of the organisational culture, strategy, and day-to-day business operations. The board should not take an executive role in managing risk but rather provide 'risk oversight' to the management. A comprehensive cybersecurity framework is essential. It starts with recognizing that cybersecurity is a company-wide concern. The board must establish a suitable structure, hire skilled personnel, and develop tailored policies and processes. This holistic approach will ensure that the company is prepared to respond effectively to cyber incidents, minimizing negative consequences.

Boards can fulfil their role in risk oversight through the following:

1. Establish policies and procedures around risk that are consistent with the organisation's strategy and risk appetite.
2. Ensure risk management policies and procedures are being implemented and prioritized by the management.
3. Ensure all risk management policies and procedures function as intended.
4. Take steps to promote cyber-risk consciousness.
5. Foster a culture of risk-adjusting awareness in the organisation.

As board meetings and board papers are increasingly being transferred online, this shift poses a serious threat to the confidentiality of boardroom practices. While new tools can counteract cybercrime efforts, a few principles and actions at the board level can help avoid and control such incidents. Board members can ensure a more nuanced and structured discussion on cyber security by introducing dedicated cyber oversight and digital committees. They can also explore inviting subject experts for informed decision-making.

Although cybersecurity threats are often associated with large organisations, the most frequent cyber threats target MSMEs, as their lower security posture makes them more susceptible. Hence, the evolving threat landscape demands continuous vigilance, and it is for forward-looking entrepreneurs to develop appropriate oversight to operate safely and leverage cyber platforms to their advantage.

In light of these emerging trends, the Institute of Directors (IOD), India has been directing its focus to cyber risks and governance through its publications, events, and training workshops. IOD has set out to bring more awareness to this pertinent emerging boardroom agenda and will be organising a webinar, 'AI and Cyber Risks', as part of the 2024 Boardroom Webinar Series.

Moreover, IOD's latest Handbooks for Executive Management and Corporate Directors, covering topics like 'Enterprise Risk Management', 'Cyber Security', and 'Transformative Technologies', continue to support and guide the industry today.

I hope this special issue of Director Today will be an interesting and insightful read.

Author


Lt. Gen. Surinder Nath, PVSM AVSM (Retd.)

President, Institute of Directors
former Chairman, UPSC
former Vice Chief of Army Staff and
former Independent Director, L&T Ltd.

He took over as the President of Institute of Directors with effect from 02 December, 2022

Owned by: Institute of Directors, India

Disclaimer: The opinions expressed in the articles/ stories are the personal opinions of the author. IOD/ Editor is not responsible for the accuracy, completeness, suitability, or validity of any information in those articles. The information, facts or opinions expressed in the articles/ speeches do not reflect the views of IOD/ Editor and IOD/ Editor does not assume any responsibility or liability for the same.
