The Institute of Chartered Secretaries and Administrators (“ICSA”) has published a guidance note, commissioned by the Department of Business, Innovation and Skills, to help boards to understand the risks associated with cybercrime.
The guidance emphasises that managing cyber risk should not be regarded simply as an IT issue, and that cyber risk differs from other types of business risk because of the rapid evolution of technology and the resulting fundamental changes in the way business is conducted.
More particularly, the guidance focuses on:
- issues to address, including identifying potential adversaries
- conducting comprehensive risk assessments to understand the risks particular to each individual company
- why cyber risk is different from other kinds of risk
- actions for the board and audit committee