NEDs’ best form of defence is defence, warns cyber expert

NON-EXECUTIVE directors have a host of cyber security issues to take into account, according to an information security expert talking at the Channel Islands NED Forum last week.

Adam McElroy, Deloitte UK lead for identity and access in financial services
Adam McElroy, Deloitte UK lead for identity and access in financial services

Adam McElroy, Deloitte UK lead for identity and access in financial services, highlighted eight risk themes that have affected organisations over the last 12 months, and warned of the fast-moving nature and impact that cyber issues can have on share price and long-term reputation.

Current cyber security themes now include catastrophic technology and data loss which sees cyber criminals and nation states aiming to destroy data, rather than simply steal it, he said.

More help on cyber security matters is now coming from law enforcement and government agencies, such as the National Cyber Security Centre and additional support from specialists in the larger police forces.

‘These new agencies mean we have a range of guidance available, cyber hygiene principles, and in the case of the Information Commissioner’s Office we have both a regulator and a constructive source of advice,’ Mr McElroy said.

The ubiquity of smart devices and constantly connected enterprise, makes us all more reliant on technology and brings opportunities but also risk.

He also warned that cyber threats do not always come from the outside.

‘There is an increasing trend for individuals to compromise the integrity of their organisations. This might be direct and deliberate actions by activists; however, often internal cyber issues come from errors made by staff who make a genuine mistake or need more support or training for their role.’

The ethical and legal ramifications of ransomware attacks, also pose complex issues for NEDs who may need to debate the question of paying a ransom, which could conflict with anti-terrorism or anti-money-laundering regulations. How might you pay in cryptocurrency? Should you even consider paying a ransom and where can you get legal advice? These are questions that NEDs must to be equipped to consider, Mr McElroy said.

‘Boards should expect a growing level of scrutiny from regulatory authorities and other stakeholder groups in how they deal with cyber risk,’ said Mr McElroy.

‘There are many resources available to NEDs and executives and, in summary, we believe the best form of defence is defence.’

Helen Gale, a partner at Deloitte, told the NED Forum that information security is one of the most challenging topics that boards are currently facing.

‘If NEDs in the Channel Islands are to retain their quality and competitive edge, it is critical to keep abreast of topics like cyber risks,’ she said.

An executive briefing on these and other current cyber-risks can be downloaded here: bit.ly/2pwc4Mn.

Top Stories

More From The Jersey Evening Post

UK & International News