New guide cybersecurity reporting to boards

With many board directors saying they are not getting comprehensive cybersecurity reporting, a newly launched cybersecurity guide is a wake-up call on information boards need.

Aimed at helping organisations combat cyber risk, Reporting cybersecurity to boards has been published by the Institute of Directors in partnership with leading cybersecurity consultancy, Aura Information Security.

“Everyone knows that cybersecurity is a critical risk that can cause serious damage to an organisation,” Institute of Directors chief executive Kirsten Patterson says. “Not only are cyber-attacks hugely disruptive, they have the potential to cause significant financial, competitive and reputational damage.”

“Many boards have had cybersecurity on the agenda for some time. But directors are telling us that they are not getting sufficient information about cyber risks and incidents, or the actions they have and should be taking to address these.”

“This is a problem and it is critical that cybersecurity reporting improves. Directors need comprehensive reports in order to assure themselves that key assets are being protected.”

“Our new guide sets out principles on reporting to boards, key questions to help identify and develop metrics, and sample dashboards. The guide is publicly available and it is intended to inform and inspire organisations to improve cybersecurity reporting to boards.”

“Cyber risk is just like any other business risk and requires ongoing board-level attention and responsibility,” Aura Information Security general manager Peter Bailey says. “The number of online attacks impacting New Zealand businesses is growing – both in number and complexity. In order to provide effective oversight, boards need to have access to regular high-level holistic reporting on cyber risks and the state of their organisation’s cybersecurity programme.”

Read the guide Reporting cybersecurity to boards

Media contact information