A post on the Cyber Security Intelligence website (https://www.cybersecurityintelligence.com/blog/as-a-business-leader-you-must-manage-cyber-risk-6909.html) emphasizes that cyber attacks are a risk for any business. Cyber criminals are a threat to data, processes, systems and customers.
Addressing cyber risk is a challenge for officers and directors. Cyber is a complex, technical area with new threats almost weekly. Most board members or officers are not cyber experts, but they need to understand and oversee the risk. They need access to expertise and information.
The SEC is about to publish new regulations requiring publicly traded corporations to document cyber risk mitigation resources and name their board's cyber security lead. All companies should take steps now to manage their risk.
- Make sure there is clarity on current processes and procedures for cyber incident response and risk mitigation. Assess the difference between your current practice and best practices.
- Get expert advice from experienced risk management professionals, inside and outside your company.
- Every business is different - address your particular risks.
- Engage business leadership, not just IT and security. Plan for resilience and long-term survival.
- Form a cybersecurity committee.
- Monitor execution to be sure employees are following proper procedures.
- In case of disruption, be prepared to operate offline.
Cyber insurance should be part of your response plan. Your insurer should provide additional guidance on handling your risk.