Cyber: Questions To Ask Yourself - Deloitte

Transcription

Cyber: Questions to ask yourself

In our discussions with Board members, cyber is a topic that comes up time after time. This is partly because of its technical nature – boards feel ill equipped to ask the right questions and to feel confident they are protecting their business appropriately.

Board members don’t need to be technical experts. But you do need to know enough about cyber to be able to have an informed conversation with your experts, and understand the right questions to ask.

So here’s our take on the key questions to ask if you want to make sure you’re protecting what’s most important to your business.

Contact:

Simon Owen
North South Europe Cyber Leader
sxowen@deloitte.co.uk
020 7303 5133

Phill Everson
UK Head of Cyber Risk Services
peverson@deloitte.co.uk
020 7303 0012

- Is cyber security embedded in our business?
- What do we need to protect the most?
- Do we have the right skills?
- What is the likely threat?
- What is our cyber risk management setup?
- How do we manage third party risk?
- Do we have the appropriate security measures in place?
- What if the worst happens?

Is cyber security embedded in our business?

Good cyber security is about people and culture as much as it is about technology – it needs to be embedded in everything you do. Ask yourself:

- Who’s responsible for cyber security?
- Is cyber security part of our business risk management process?
- How do we engage our people around cyber security?
- How do we stay on top of best practice?

What do we need to protect the most?

Whether it’s the data you hold, your intellectual property or operational technology, every business has assets it regards as its “crown jewels”. Ask yourself:

- Have we defined our critical assets – those we care about the most?
- How do we monitor and protect these critical systems, data or services?

What is our cyber risk management setup?

Cyber security changes rapidly with new technology and solutions emerging all the time. This can mean that your risk management process can easily become outdated. Ask yourself:

- Do we have a clear definition of the risks we’re willing to accept and those we’re not?
- How do we know our risk prevention measures will be effective?
- If there’s a new threat, how do we inform decision makers quickly?

How do we manage third party risk?

Third parties increase the number of routes and external touchpoints into your organisation, so it’s essential to manage this appropriately. Ask yourself:

- Do you have a good understanding of your supplier’s cyber controls and what data and networks they have access to?
- Do we have a plan for how we will keep this understanding up to date?
- What will we do if one of our suppliers is compromised?

Do we have the right skills?

Cyber skills are in high demand and short supply. You need to make sure you have the right skills to draw upon. Ask yourself:

- Do we have the right skills and people in place?
- What expertise do we have on the Board?
- How do we keep our skills current?

What is the likely threat?

Understanding the threats faced by your organisation (and those you work with) will enable you to tailor your approach to cyber security. Ask yourself:

- Which threats are most relevant and why?
- How can you stay up to date – where do you obtain good threat intel from?

Do we have the appropriate security measures in place?

The right cyber security measures will reduce the likelihood of significant incidents. Ask yourself:

- What cyber security controls do we use to defend against the most common attacks?
- How do we limit the impact of threats that get through our defences?
- How do we keep our IT infrastructure up to date?

What if the worst happens?

Planning a response to a cyber-incident is the first step in reducing the impact of an attack. Ask yourself:

- What’s our incident management plan? Has it been tested?
- How do we know an incident has taken place?
- Who leads and who has delegated authority in the event of an incident?
