EDITORIAL: NEW CYBER GOVERNANCE CODE LAUNCHED
May 2025 Edition - Written by Lesley Stephenson
Given the recent news coverage about the cyber-attacks at Marks & Spencer, the Co-op and Harrods, no doubt concern about cyber is one of the top items keeping Chairs and non-execs awake at night.
So, it is very timely that last month the Government published a Cyber Governance Code of Practice designed to help directors and business leaders to protect their organisations against such attacks.
50% of businesses and 66% of high-income charities report that they have experienced some form of cyber security breach or attack in the last 12 months. The prevalence of attacks is even higher amongst medium businesses (70%) and large businesses (74%).
Governing cyber risk requires strong engagement and action at a leadership level. Cyber incidents can disrupt business continuity, reduce an organisation’s competitiveness, and damage customer trust. Cyber risk is a material risk for almost all organisations, and boards and directors need to be able to govern this risk effectively.
Building and maintaining cyber resilience is therefore crucial to protecting organisations’ financial viability. By doing so, organisations are able to take full advantage of digital technologies, like artificial intelligence, to drive the business strategy and improve business performance.
The Code is written specifically for those with high-level oversight of an organisation, rather than those who are responsible for the day-to-day management of cyber security, and highlights to boards what their responsibilities are.
It sets out five principles:
Risk management
Strategy
People
Incident planning, response and recovery
Assurance and oversight.
The report can be accessed here, including details of free online training for each of the principles.