Cybersecurity risks to be addressed by boardroom executives, not IT staff


It is now a matter of “when” and not “if” when it comes to the imminent threat of cyber attacks, say four in 10 chief executives across the UK.

Vice chair of KPMG, Bernard Brown, has warned businesses across the world that their vulnerability to a security breach ought to be addressed in the boardroom as much as it should be addressed by IT professionals.

With “investors and regulators increasingly looking to company boards to show leadership,” Brown further emphasises that cyber security issues need to be prioritised more highly than they currently are, due to the lasting negative impact an attack can have on a business’s reputation.

He states: “As any board member who has experienced a major cyber attack will know, dealing with a major cyber incident can feel very new and uncertain. The problem in the boardroom is that there are few who have had the experience.”

The risks come as a result of executive staff being unfamiliar with technological issues, perhaps a consequence of the generational gap. The unwillingness to address the threats, however, can leave a long-lasting impact on the business, “creating distrust, questioning integrity, and tarnishing reputations.”

Increasing awareness among chief executives is simply not enough, says Brown, who believes that prevention plans and cyber security policies should be implemented and discussed thoroughly in the boardroom. “This will be far more effective than delegating responsibility to a beleaguered chief information officer,” says Brown, who also suggests instating a board member with cyber security expertise to educate the organisation and keep it updated on the evolving nature of the field.

Although he notes there is a severe shortage of the skills required to address cybersecurity risks, Brown states that the best way for a business to prepare itself for an attack is to hire technical staff who can point out the shortcomings of the business’s security measures and assist with making the firm more resilient to attacks.

Self-education and a willingness to address the cybersecurity challenges are the key measures executives ought to take to ensure a defence against data breaches. Brown believes that if success is reliant on the decisions made in the boardroom, then the accountability for creating a cyber-resilient company should also lie with the boardroom.

“Ultimately, cyber security is firmly a business issue, not a technology one,” Brown concludes.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.