Friday, 23 February 2024

Governing Through a Cyber Crisis

This morning I attended the AICD’s “Governing Through a Cyber Crisis” because I was interested to see what strategies for building a cyber-resilient organisation would be covered at a board level. As a 30-year tech professional, I reckon there’s a difference between governing through a crisis and building a cyber-resilient organisation – but it depends how you look at it.

As outlined, the talk focused on how a board would manage a situation where the horse has already bolted. It covered ensuring the right people are in place to manage the situation, reporting to authorities in the event of a breach, communications and media management – all very important, and we’ve seen the fallout when these things aren’t done right. In this context, “cyber-resilience” is about making sure your organisation is set up to manage the inevitable cyber situation.

What really stood out for me was that we only touched on preventative measures – auditing, including third-party vendors, and penetration testing – after 51 minutes, and AI at 55 minutes. Doing all this and more to try to prevent the situation from occurring in the first place, AND having the strategies in place to manage if it fails, is how I define true “cyber-resilience”.


This article was first published on LinkedIn and is also on the ENVEE Digital blog. 
