Board involvement in Incident Response

Published: 30th August 2023 | In: Insights

It was interesting to read the Ipsos report on Cyber Security Skills in the UK Labour Market 2023, which highlighted the ongoing frustrations and challenges in recruiting, training, and retaining staff across all domains of cyber security. In addition to these well-known challenges, the report highlights an upward trend in businesses lacking confidence in their in-house cyber incident management skills, and a lack of confidence that senior managers and board-level executives understand what steps need to be taken to manage an incident.

Whilst it is encouraging to see that boards increasingly understand cyber risks, clearly more needs to be done to educate senior management on their involvement during an incident. Cyber incidents have always required a business response and not just a technical response, but with the recent growth of ransomware attacks the operational risk of falling victim to an incident is bigger than ever.

It is in the translation of cyber risk to operational and business risk that we have been able to improve board-level understanding. However, we now need to work on the mitigations and help senior management lessen the impact of an attack when it counts most.

There are a number of ways to do that, but in my opinion one of the most effective is to put them through a simulated cyber incident that educates senior leaders on their roles and responsibilities when an attack occurs, and makes them aware of how they can help ensure a successful response. This includes not just input from in-house legal, finance, and other business leads and external domain experts, but also quickly setting the direction and prioritising the many demands that will be placed on the team, and driving a no-blame, no-fear culture.

Over the past 15 years I have worked with the boards of many organisations that have fallen victim to devastating incidents, and have seen first-hand the positive impact that effective leadership and direct board involvement have on successfully navigating through an attack. Whilst we’re all trying to work out how we attract and train the new top talent in our industry, we can help ourselves by working with our senior leadership to educate them on their role in positively influencing the outcome of an attack.

If you would like to discuss how our Incident Response team can help educate senior leaders on their role during an incident, contact James Alman-Talbot, Quorum Cyber’s Head of Incident Response & Threat Intelligence, or get in touch today.