Key boardroom considerations

Cyber risks need to be proactively managed by the board and senior management. To do this, it is vital to understand the risks and plan appropriate responses.

Key questions:

  • how do you navigate competing cyber security and data protection regulations in different jurisdictions worldwide?
  • what type of information does your organisation hold? Does it apply different levels of confidentiality to different types of data (such as public, personal, confidential, highly confidential)?
  • how do you assess risks related to those categories of information?
  • how can you protect that information?
  • what is the potential impact of losing that information?
    • what would be the effect on your organisation if sensitive internal or customer information were lost or stolen?
    • what would be the effect on your organisation if internal or customer-facing online services were disrupted, for either a short or a sustained period?
  • who might want the information?
  • are your organisation’s IT training, policies and procedures sufficient?
  • who can help your organisation deal with these risks?
  • who is responsible for managing your cyber risk exposure?