Claire Pales and Anna Leibel

Answered: The five most common cybersecurity questions company directors ask


Cybersecurity has moved rapidly from the backrooms of the IT department into the boardroom, meaning company directors must be aware of their obligations when it comes to protecting the systems and data their organisations rely on. The scope is now significantly broader than corporate and customer information; it also includes the risks posed by third-party suppliers and an understanding of the threats within the wider landscape businesses operate in.

Boards ask trusted advisors many questions about cybersecurity, but a few come up over and over again. Here are the five most common cybersecurity questions asked regularly by company directors.

The most common questions (and the answers)

1. Should we pay the ransom?

Senior leaders and boards must have a plan in place to manage and respond to ransomware attacks, and that plan must include clear guidance and agreement on whether ransoms should be paid. Every organisation must discuss and practise incident response, including what to do in the case of a ransom demand. It’s also important to understand that ransomware has given rise to attacks where not only has data been encrypted and made inaccessible, but attackers have also stolen data and threatened to expose it in the public domain in order to ‘incentivise’ victims to pay.

Today, in most cases, it is not illegal to pay a ransom. However, board members must make a decision about whether they will pay and what the threshold for payment is. For example, you may decide not to pay if the compromised workstations can be contained and recovered without affecting customers or data. But you may decide to pay if there is a significant disruption to your business operations or data confidentiality is at risk. There is always the risk that, even if you do pay, it may not lead to a full recovery of systems and data.
