Cyber Security: Revisiting the Questions the Board Should Ask

One Board member must be in charge and their pay package must ride on it

In 2015, in the wake of the TalkTalk data breach which made a massive impact in the UK media and even got politicians involved, we first explored the key questions the Board should ask in large firms around cyber security.

What a difference 4 years can make … At the time, our line of thought was very much on making the Board understand exposure to cyber threats and what was being done to counter them, especially across the supply chain as the concept of a hyper connected world bound by data and powered by emerging technologies was on the horizon.

At the time, the McKinsey Institute was estimating that emerging technologies could create up to USD 20 trillion of economic value, out of which cyber threats could destroy up to 3. Although we have seen no update on this research and its eventual accuracy, it cannot be denied that cyber-attacks have intensified and have been widely reported across the last 5 years — from Sony in 2015 to CapitalOne this year, with Equifax, British Airways and Marriott reporting breaches in the last 12 months alone, and not discounting the wide-spread Wannacry / NotPetya virus outbreak of 2017, which impacted badly industrial and logistics giants…