This week, Templar held our first ever Cyber Security event for Non- Executive Directors. The event held in Whitehall aimed to join Non-executive Directors together from a conglomerate of organisations to discuss the ever evolving Cyber threat and how they can help get Cyber Security on the Board agenda. Templar was joined by two excellent speakers, Sir David Pepper, Ex- Director of GCHQ and Wendy Barnes, a leading Non-Exec.
The speaker session was split into two halves, Sir David Pepper’s focus being primarily on the ever evolving Cyber Threats and Risks that businesses are exposed to. Sir David outlined the range of cyber threats to organisations, highlighting the business risks that organisations are exposed to if attacks are successful. He then went on to advise on how the Board can mitigate such business risks. Whilst a solid IT system is hugely important, Sir David emphasised that training and educating staff on the threat is crucial with ‘the majority of security breaches can be traced to what people have done wrong’. A business can have the most robust IT system but if a member of staff gives away a password, there is nothing the IT department can do – and the consequences could become a serious business issue.
Wendy Barnes took over from Sir David to discuss with those in the room how they can aid the Board in tackling the Cyber threats posed to organisations. There was particular emphasis on the fact that Boards ‘need to take a both a holistic approach to Cyber risk and take ownership of this holistic issue’. Whilst tackling the threat, Wendy stressed that businesses also need to make sure they focus on the opportunities the Cyber world provides them. In order to do this Boards need to understand cyber risks so they can take control of important decisions and have assurance that risks are being effectively managed and mitigated’.
The event was a great opportunity for Non-Executives to engage with peers about how to tackle the Cyber Security issue within their organisations. There was a discussion on the different approaches they have taken to highlight the threats and business risks Boards are exposed to if they do not adopt it into their agenda and champion Cyber at the Board level.