NCSC targets business leaders with cyber security toolkit

New material is released six months after its CEO urged the c-suite to learn the very “basics” of cyber security


The National Cyber Security Centre (NCSC) is hoping to raise the level of cyber security awareness among the most senior members of UK organisations to combat the wave of threats their businesses face.

Its new Board Toolkit, which specifically targets board members, company executives, and trustees, presents a general introduction to cyber security, and several sections that explore specific aspects of cyber security. It aims to encourage discussion about cyber security between organisations' boards and their technical experts and chief information security officers (CISOs).

Each of these sections outlines what the cyber security aspect is and why it's important to board members, and recommends what they should be doing when faced with any particular flavour of cyber threat.

This material is presented via a combination of text, infographics, bullet-pointed checklists, and interactive elements. This is also packaged with an appendix of key legal and regulatory aspects, such as the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Directive.

"Good cyber security protects that ability to function, and ensures organisations can exploit the opportunities that technology brings," the toolkit says. "Cyber security is therefore central to an organisation's health and resilience, and this places it firmly within the responsibility of the Board.

"New regulations (such as GDPR) as well as high profile media coverage on the impact of cyber incidents, have raised the expectations of partners, shareholders, customers and the wider public. Quite simply, organisations - and board members especially - have to get to grips with cyber security."

The NCSC's board-level toolkit has also been released six months after its CEO Ciaran Martin challenged business leaders to urgently learn the "basics" of cyber security for the sake of their organisations.

Speaking at the CBI's fourth annual cyber security conference in September, Martin trailed the toolkit with a list of five basic questions business leaders can ask CIOs to gain a basic knowledge of their organisation's security needs. He added that "nodding to avoid feeling foolish can sometimes be the most foolish thing to do".

The material's release coincides with a recent government report highlighting worries that board-level executives at some of the UK's largest firms still don't understand the impact of cyber security.

The annual Cyber Governance Health Check found that less than 16% of boards of FTSE 350 companies had a comprehensive understanding of the impact of a cyber attack. This is despite 96% of these firms having a cyber security strategy in place. 

The toolkit has been put together with input from a range of boards from different sectors within the UK, as well as their CISOs. The material aims to put organisations' boards in a much better position to take proactive steps to avoid attacks in the first place.

"A common issue in the UK boardroom has been that cyber is delegated to the IT department and does not rise to the surface as a priority until a breach has occurred," said the president of techUK Jacqueline de Rojas.

"Given that a cyber attack is no longer an 'if' but more likely a 'when', board members need help with guidance on what to protect and how to go about it."

Business leaders shouldn't feel compelled to read the material in a single sitting, according to the NCSC; rather, it's designed for them to dip in and out of.

Various topics embedded in the materials include growing cyber security expertise, embedding cyber security in an organisation's structures and objectives, and collaborating with suppliers and partners.

The toolkit also advises business leaders on how to handle the fallout after suffering a cyber incident, with its key recommendation being to drive a "no blame" culture. By not blaming any individual, the NCSC says, organisations will gain clearer analysis and insights to help prevent future cyber incidents.
