Cyber security enhancement crucial for boards, says cyber expert
Board leaders and members must be proactive in reinforcing their firm’s cyber security, a BDO cyber leader has advised.
In acknowledgement of Cyber Security Awareness Month, BDO has revealed tips and advice for company boards to enhance cyber security knowledge.
The professional services firm highlighted that cyber security incidents are increasing not only in frequency but also in cost, which calls for boards to do more.
BDO national leader of cyber security Leon Fouche said the average cost of a data breach in 2024 in Australia is $4.03 million – the highest to date.
“Financial repercussions are not the only cost organisations face when they deal with a cyber security incident, as reputational and operational damages can also cripple the business,” Fouche said.
“Board members must play an active role in mitigating and preventing cyber attacks.”
According to the firm, only 12 per cent of S&P 500 companies have a current or former board member who is a cyber expert.
“This knowledge gap may be hurting your organisation now and in the future,” Fouche said.
BDO revealed the six best strategies to increase cyber security knowledge so that boards can successfully oversee their organisation’s cyber security programme.
“Bridging the current knowledge gap is essential,” BDO said.
“This will help ensure cyber security is adequately addressed in regular board meetings and allow boards to confidently carry out their duties where cyber security is concerned.”
These strategies include establishing regular cyber education system sessions, refocusing the metrics, leveraging industry benchmarks, and bringing in external cyber security experts.
BDO also recommended conducting cyber simulations, providing oversight during an incident and always looking back on certain situations with hindsight.
According to BDO, this would strengthen both a company’s ability to resist cyber attacks and how a board and its members are viewed in light of cyber incidents.
Fouche said the level of scrutiny around a board of directors has changed in recent years, meaning a proactive attitude must be adopted towards cyber security.
A recent Gartner study found that 88 per cent of boards of directors said they view cyber security as a business risk.
“It is your fiduciary duty to not only provide independent oversight to manage the company’s cyber security posture but also to challenge your organisation in different ways to raise the bar for your defence framework,” Fouche said.
Along with tips on what boards could be doing to reinforce cyber security, BDO said the main areas of focus that required significant attention were strategic alignment, regulatory compliance, governance and oversight, monitoring and reporting, expert engagement, and cyber incident response.
Fouche said boards should focus on these areas to ensure responsible oversight.
“As technology becomes increasingly intertwined with business objectives, board members need to evaluate technology decisions in the same way they evaluate strategic business decisions,” he said.
“Just as the board guides an organisation’s business direction, it is now also responsible for ensuring that the correct technology elements are enabled to support the business strategy and that the right level of cyber risk tolerance is achieved and managed.”