The Institute of Chartered Secretaries and Administrators (ICSA) published a guidance note designed to help boards to understand the risks associated with cybercrime as managing cyber risk is a business-critical activity, and cannot be regarded as simply
an IT issue.
Cyber risk is different from other types of risk because of the rapid evolution of technology and the resulting fundamental changes in the way business is conducted. Boards need to think differently and consider taking wider advice, to ensure they fully
understand the issues faced by their company in order to manage the risks appropriately.
The guidance focuses on:
- issues for boards to address, including identifying potential adversaries. This
includes a list of points that boards might find it helpful to focus on;
- why cyber risk is different from other kinds of risk;
- assessment and management of cyber risk; and
- actions for the board and audit committee which includes a list of key questions which boards may wish to use to challenge management as they seek to improve their cyber security.