An introduction to cyber security for board members

An introduction to cyber security for board members

Helping to make the UK the safest place to live and work online The NCSC: Understands cyber security and distils this knowledge into practical guidance that we make available to all. Responds to cyber security incidents to reduce the harm they cause to organisations and the wider UK. Uses industry and academic expertise to nurture the UK's cyber security capability. Reduces risks to the UK by securing public and private sector networks.

What is cyber security?

Cyber security: a definition “Cyber security is how individuals and organisations reduce the risk of cyber attack. Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets and computers) and the services we access - both online and at work from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.”

Cyber security: myths and reality 1. Cyber security is too complex for me to understand. 2. Cyber attacks are sophisticated. We can’t stop them. 3. Cyber attacks are highly targeted. Our organisation is unlikely to be interesting and/or valuable enough to attackers.

TalkTalk breach: evaluating the cost 101, 000 60 million 15 million Subscribers left Total loss that quarter Trading impact 40 - 45 million 400, 000 ‘Exceptional’ costs Fine from ICO (at that time the largest of its kind)

“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.” - Elizabeth Denham, Information Commissioner

Cyber security as a board level responsibility 1. Nearly all organisations depend on digital technology to function. 2. The potential cost of remedying a cyber incident can be significant. 3. The risk of reputational damage. Cyber security is therefore essential and needs to be understood as an enabler.

What priority do organisations attach to cyber security? Department of Digital, Culture, Media and Sport’s (DCMS) 2020 Cyber Breaches Survey https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

What type of breach or incident was identified? Department of Digital, Culture, Media and Sport’s (DCMS) 2020 Cyber Breaches Survey https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

Do boards have members with a cyber security brief? Department of Digital, Culture, Media and Sport’s (DCMS) 2020 Cyber Breaches Survey https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

Next steps: The Cyber Security Toolkit for Boards: Helping board members get to grips with cyber security.