NCSC targets business leaders with cyber security toolkit

New material is released six months after its CEO urged the c-suite to learn the very “basics” of cyber security


The National Cyber Security Centre (NCSC) is hoping to raise the level of cyber security awareness among the most senior members of UK organisations to combat the wave of threats their businesses face.

Its new Board Toolkit, which specifically targets board members, company executives, and trustees, presents a general introduction to cyber security, and several sections that explore specific aspects of cyber security. It aims to encourage discussion about cyber security between organisations' boards and their technical experts and chief information security officers (CISOs).

Each of these sections outlines what the cyber security aspect is and why it's important to board members, and recommends what they should be doing when faced with any particular flavour of cyber threat.

This material is presented via a combination of text, infographics, bullet-pointed checklists, and interactive elements. This is also packaged with an appendix of key legal and regulatory aspects, such as the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Directive.

"Good cyber security protects that ability to function, and ensures organisations can exploit the opportunities that technology brings," the toolkit says. "Cyber security is therefore central to an organisation's health and resilience, and this places it firmly within the responsibility of the Board.

"New regulations (such as GDPR) as well as high profile media coverage on the impact of cyber incidents, have raised the expectations of partners, shareholders, customers and the wider public. Quite simply, organisations - and board members especially - have to get to grips with cyber security."

The NCSC's board-level toolkit has also been released six months after its CEO Ciaran Martin challenged business leaders to urgently learn the "basics" of cyber security for the sake of their organisations.

Speaking at the CBI's fourth annual cyber security conference in September, Martin trailed the toolkit with a list of five basic questions business leaders can ask CIOs to gain a basic knowledge of their organisation's security needs. He added that "nodding to avoid feeling foolish can sometimes be the most foolish thing to do".

The material's release coincides with a recent government report highlighting worries that board-level executives at some of the UK's largest firms still don't understand the impact of cyber security.

The annual Cyber Governance Health Check found that less than 16% of boards of FTSE 350 companies had a comprehensive understanding of the impact of a cyber attack. This is despite 96% of these firms having a cyber security strategy in place. 

The toolkit has been put together with input from a range of boards from different sectors within the UK, as well as their CISOs. The material aims to put organisations' boards in a much better position to take proactive steps to avoid attacks in the first place.

"A common issue in the UK boardroom has been that cyber is delegated to the IT department and does not rise to the surface as a priority until a breach has occurred," said the president of techUK Jacqueline de Rojas.

"Given that a cyber attack is no longer an 'if' but more likely a 'when', board members need help with guidance on what to protect and how to go about it."

Business leaders shouldn't feel compelled to read the material in a single sitting, according to the NCSC; rather, it's designed for them to dip in and out of.

Various topics embedded in the materials include growing cyber security expertise, embedding cyber security in an organisation's structures and objectives, and collaborating with suppliers and partners.

The toolkit also advises business leaders on how to handle the fallout after suffering a cyber incident, with its key recommendation being to drive a "no blame" culture. By not blaming any individual, the NCSC says, organisations will gain clearer analysis and insights to help prevent future cyber incidents.
