Boardrooms must play a critical role in managing cyber-risk for their organization, the UK’s National Cyber Security Centre (NCSC) has argued in a new video, ahead of publishing a dedicated training pack for boards.
The Cyber Governance Training Pack for Boards will be rolled out in the coming year to offer “knowledge and practical guidance” to help decision makers in their understanding of cybersecurity governance, the NCSC said on Friday.
“Not only do boards carry the legal responsibility and accountability for cyber-governance within their organization, but they also have the opportunity to harness the benefits that technology offers, drive their company’s agenda, and deliver real value throughout the organization,” wrote NCSC Economic and Society team member Clare C.
The pack is designed to complement a new Cyber Governance Code of Practice proposed by the Department of Science, Technology and Innovation (DSIT) in January. That code is currently open for a Call for Views until March 19. There’s also an NCSC Cyber Security Toolkit for Boards, which provides guidance on how to implement the actions detailed in the code.
NCSC director of operations, Paul Chichester, highlighted cybercrime, ransomware, business email compromise (BEC), state threats and patriotic hackers as major threats facing organizations of all sizes across all verticals.
“There’s an increasing amount of information available to boards from their own teams. It’s important for organizations to be situationally aware in terms of those threats,” he said.
“The NCSC provides significant resources in that space on our website and through information exchanges and other engagements. And we look to try and educate as much as we can on the changing nature of that threat.”
Boards should also consult the wealth of open source information on evolving threat landscape trends, and talk to their peers, partners and competitors to stay informed, Chichester suggested.
“I see their role as managing risk. And just as boards manage various types of risk, cyber needs to be a key one they’re focused on and managing,” he concluded. “Their role is not to be experts in the subject but to really offer challenge – making sure the organization is managing risks.”