ICS report highlights weaknesses in cyber resilience awareness at board level
9 November 2020 | 0
A new report by the Irish Computer Society has found a lack of awareness of cyber resilience at board level.
The survey of 169 board members across industry in Ireland found that only 20% of boards either discussed or were being briefed on developments in cyber resilience, 80% had not participated in an incident response plan test over the past year and only 33% had received any cyber training over the same period.
A further one in six respondents said they organisation did not have a statement of risk appetite, and of those who did, only 50% said they were satisfied or very satisfied with their board’s position on cyber resilience.
Only half of respondents reported having received assurance from management or from independent external testing regarding the adequacy of their cyber defences.
“The survey results make it clear that urgent action is required in many boardrooms to equip organisations with the ability to recover rapidly from a cyber attack.” said Bob Semple, who led the research.
Half of respondents said they had not been briefed on the threats posed by third party contracts in the last year (17%) or ever (32%).
“Cyber risks affect us all – as individuals and in the organisations where we work. But in organisations, the consequences of a cyber attack can be far more serious – in terms of the losses suffered, operations paralysed and reputation damaged”, said Prof Mike Hinchey, President of the Irish Computer Society.
“For board members, the responsibility to address these concerns is enormous and the consequences of not doing so, potentially calamitous.”
Announcing the report, newly appointed ICS Secretary General Mary Cleary said: “We are very grateful to the work of the Cyber Resilience Working Group, a remarkably experienced group of ICS Fellows – the highest grade of professionalism within the society.
“The ICS has an important role to play in representing the voice of the IT profession, distinct from the IT industry, in public policy debate. This report does exactly that.”
The full report is available at www.ics.ie/cyberresilience.
Professional Development for IT professionals
The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more