Your role in creating a cybersecurity culture.
Chief Executive Officer
Chief Executive Officer
Chief Executive Officer
- Speak cyber.
- Champion a cybersecurity culture.
- Be prepared for the critical decisions.
- Build organisational muscle memory to deal with a breach.
- Know your personal liabilities, fiduciary and statutory responsibilities.
- Be ready to face the press, investors and law enforcement.
- Put in place an effective cybersecurity governance framework.
- Put in place trusted advisors.
Chief Financial Officer
Chief Executive Officer
Chief Executive Officer
- Cybersecurity investment planning.
- Benchmark cyber operational spend.
- Establish share price and investor sensitivity to cyberbreach.
- Cyber insurance policy holder
- Access to funds and mechanism to potentially pay ransom.
- Approval of unplanned 3rd party costs in event of cyber incident.
Chief Operating Officer
Chief Executive Officer
Chief Procurement Officer
- Owner of critical business assets.
- Responsible for BCP and DR process.
- Owner of quality standards (e.g. 27001)
- Workforce adherence to cyber policies and processes.
- Major incident management.
- Product and operational technology.
- Accountable for the organisation risk management process (optional).
- Oversight of CIO & CISO (optional).
Chief Procurement Officer
Chief Procurement Officer
Chief Procurement Officer
- Define cybersecurity obligations of 3rd party product and service providers.
- Test the cyber competency and skills of external providers.
- Establish clear guidelines on what cyber capability retained in house versus outsourced. Look beyond IT needs.
- Source appropriate cyber capability from the market.
- Review vendor coverage and effectiveness.
Chief HR Officer
Chief Procurement Officer
Non-Exec Director
- Cyber awareness training
- Employee related cyber policies.
- Insider threat consciousness
- Onboarding & Offboarding
- Identity & Access Management
- Cyber competency assessments
- Incorporation of cyber into work, health and safety policy and processes.
- Incorporating cyber awareness as a recruitment selection criteria.
- Competency testing candidates in cyberskills.
Non-Exec Director
Chief Procurement Officer
Non-Exec Director
- Understand legal obligations relating to cyber incident disclosure.
- Identifying who on the board (or which subcommittee) is responsible for cybersecurity and validating those individuals' relevant expertise.
- Frequency in which cyber is discussed as a Board agenda item.
- Knowledge of the processes used within the organisation to manage cybersecurity.
- Fiduciary responsibility to shareholders to understand the financial impact of a cyberbreach.