What New Zealand Boards Can Do to Deal with Cybersecurity
Media Statement
For immediate release
Monday 29 May
2017
What New Zealand Boards Can Do to Deal with
Cybersecurity
Cybersecurity experts and reputation
specialists have teamed up to help New Zealand businesses
prepare to deal with cyber threats and the extreme
reputational risks associated with the fall-out.
Michael Wigley, Principal at Wigley & Company and co-author of new book Confronting Cybersecurity in the Boardroom, said that directors and senior management are looking for specific recommendations to help them address cyber risk.
“A lot of cybersecurity guidance, including the shroud-waving around the recent WannaCry crisis, misses the bigger picture. Directors already appreciate the enormity of cyber risk, that new threats are always imminent and that most boards are not doing enough. None of this is news. The real question is: what can they do about it?”
In the most recent directors’ survey by the New Zealand Institute of Directors, 32% of respondents said they did not have a framework for managing cyber-attacks. The new book puts forward recommendations for a multi-faceted approach to preparing for and managing a breach.
“After the dust has settled, reputational fall-out is often the enduring legacy of a cybersecurity breach, so pre-planning is critical,” says Anna Kominik, Communications Strategist and co-author.
“A prepared organisation will have a tested crisis management plan with defined roles, a checklist of steps, a media strategy, and input from a number of teams, including legal, HR and PR.”
Michael Wallmannsberger, a cybersecurity consultant, former Chief Information Security Officer at Wynyard Group, and longstanding director, says that for many boards, the biggest issue is actually making this happen.
“Boards need to upskill themselves, retain independent access to experts or appoint a board member that has security expertise to clearly define its security risk appetite, ensure that management assigns appropriate resources to an independent function to manage security risk, and hold management to account for risk.”
ENDS