ICS report highlights weaknesses in cyber resilience awareness at board level
9 November 2020
A new report by the Irish Computer Society has found a lack of awareness of cyber resilience at board level.
The survey of 169 board members across industry in Ireland found that only 20% of boards either discussed or were being briefed on developments in cyber resilience, 80% had not participated in an incident response plan test over the past year and only 33% had received any cyber training over the same period.
A further one in six respondents said their organisation did not have a statement of risk appetite, and of those who did, only 50% said they were satisfied or very satisfied with their board’s position on cyber resilience.
Only half of respondents reported having received assurance from management or from independent external testing regarding the adequacy of their cyber defences.
“The survey results make it clear that urgent action is required in many boardrooms to equip organisations with the ability to recover rapidly from a cyber attack,” said Bob Semple, who led the research.
Half of respondents said they had not been briefed on the threats posed by third party contracts in the last year (17%) or ever (32%).
“Cyber risks affect us all – as individuals and in the organisations where we work. But in organisations, the consequences of a cyber attack can be far more serious – in terms of the losses suffered, operations paralysed and reputation damaged”, said Prof Mike Hinchey, President of the Irish Computer Society.
“For board members, the responsibility to address these concerns is enormous and the consequences of not doing so, potentially calamitous.”
Announcing the report, newly appointed ICS Secretary General Mary Cleary said: “We are very grateful to the work of the Cyber Resilience Working Group, a remarkably experienced group of ICS Fellows – the highest grade of professionalism within the society.
“The ICS has an important role to play in representing the voice of the IT profession, distinct from the IT industry, in public policy debate. This report does exactly that.”
The full report is available at www.ics.ie/cyberresilience.