Cyber Security Governance

It is now more important than ever to ensure your organisation has its cyber security governance up to date.

As regulators call for organisations to prioritise their cyber security, Boards have a critical role in ensuring their organisation’s cyber security framework is fit-for-purpose and robust enough to adequately combat cyber threats.

Some key areas which Boards should consider and regularly review include:

What is the organisation’s cyber security risks and what are the potential impacts?

Matters to consider include:

• What are the organisation’s biggest cyber threats?
• What is the organisation’s appetite for risk regarding privacy and cyber safety and security?

Does the organisation have the right policies in place and are they up to date (and regularly reviewed)?

Policies an organisation should consider adopting and reviewing include:

• Privacy Policy
• Cyber Security Policy
• Data Breach Response Plan
• Data Retention and Destruction Policy
• Confidentiality Policy
• Acceptable Use of Electronic Media Policy

How does the organisation make decisions relating to and affecting cyber security?

It is essential that the Board has visibility of the organisation’s appetite for risk regarding privacy and cyber security.

Does the organisation have an incident response plan?

Is there a communication plan in place so that all those affected are informed of a cyber security breach and sets out how the organisation will recover from the breach and continue operating? 

Assistance from Jackson McDonald

Jackson McDonald’s experienced team can provide advice and assistance with implementing a fit-for-purpose cyber security governance framework for your organisation. If you would like more information or assistance, please contact Elizabeth Tylich or Emma Chinnery.