Education and Awareness
The interconnected and enterprise-wide nature of cyber risk creates a complex lens through which boards must view cyber security, cyber risk management, board governance and regulatory compliance. It is a risk that touches all aspects of an organisation's financial statements: wherever data is created, stored or consumed, the cyber risk must be evaluated and its impact attested by the board.
EU NIS 2.0 and DORA regulations released in 2022 require board members of covered entities to undertake regular cybersecurity risk management education and to demonstrate their experience in the oversight and assurance of cyber risks. The 2022 Securities and Exchange Commission (SEC) proposal on cybersecurity risk management, strategy, governance and incident disclosure requires boards to report their cybersecurity knowledge and experience to the SEC and to undergo regular cybersecurity education. Australian regulators expect boards to have suitable skills to effectively challenge the cybersecurity of their organisations.
Executive cybersecurity risk management education
Boards are required to have knowledge and experience in cybersecurity risk management, which means knowledge of both cybersecurity and risk management. They must demonstrate that they have implemented a cybersecurity risk management framework and the appropriate cybersecurity practices to manage their cyber risks, so as to enable effective governance, oversight, assurance and attestation of those risks.
1. Delivering cybersecurity risk management education to boards and executive leadership teams.
2. 1:1 cyber risk management coaching for executives.
3. Evaluating and building cyber communications programmes.