Boards are traditionally populated with directors who have a very strong financial grounding, says Thomas Fikentscher, CyberArk’s ANZ regional director. However, securing critical infrastructure from cyberattacks requires a more detailed understanding of risk.
It is an area where, in other regards, boards often apply considerable focus. For instance:
On this last point, he said boards in Australia tend to be populated by people with strong financial backgrounds.
“When people use the term metrics, they look at businesses in terms of financial metrics, so return on investment numbers, they go through P&L items, they understand how a balance sheet should be structured, they understand how you actually have funding mechanisms. That's where a lot of board members come from.”
“This concept of risk needs to be discussed in more depth. And I think there are metrics that you can actually look at when you think about risk.”
“In my opinion, a risk such as cybersecurity should be elevated to the level of critical enterprise risk, which means it can threaten the viability of a business if not managed properly (like issues such as credit risk for a financial institution or supplier risk for a manufacturing business).”
He believes some boards may treat cybersecurity as an emerging risk. “This is where newer elements such as climate change, demographic shifts and also cybersecurity might sit.”
“The problem is that boards often are less informed in these areas and have less experience, as they wouldn’t have been exposed during their active period as operational managers. Although it’s ultimately a job of the operational leadership team to manage these new risk items, boards should spend more time to learn more about it and discuss the consequences in detail.”