Browse our certifications
Find training
Open page navigation
Cyber Security

Boards must become fluent in the language of cyber security to improve the way their companies deal with threats, says APMG International.

When it comes to cyber security, when does ignorance become negligence? 

The Companies Act 2006 states that directors have a legal responsibility to act within their powers and promote the success of their companies, and to exercise independent judgement, reasonable care, skills and diligence. As the severity and frequency of data breaches has increased, cyber security has become an integral part of reasonable care of a company. It is therefore critical that Board members and Non-Executive directors have a full understanding of the threat landscape and their data protection strategies.

Richard Pharro, CEO of APMG, commented: “In the wake of recent breaches, CEOs and their Boards up and down the country are taking the time to assess their own cyber security posture – and if they’re not, they certainly should be. Responsibility for cyber security stops and starts at Board level and it’s critically important that Board members, Non-Executive directors in particular, have a firm grasp of their companies’ risks and vulnerabilities. We are fast arriving at a point when it is no longer acceptable for directors to say that they don’t understand technology or cyber security, which begs the question: When does ignorance become negligence?

“Many Board directors take comfort from the fact their organisations are compliant with standards, such as ISO 27001 and PCI DSS, and believe that their compliance is sufficient for dealing with the threats we face today. Unfortunately, it isn’t. While important, compliance speaks to the state of a business at a given time, but gives little indication about risks, which must be assessed and reassessed on a regular basis,” he continued.

Earlier this year, APMG launched a new cyber defence assessment tool for businesses, CDCAT, which provides a methodology and scoring system for cyber defence preparedness. Drawing on government, military and industry standards of best practice, the assessment shows where the gaps are, and provides a detailed roadmap on how to best mitigate these factors.

“Today’s cyber threat landscape is so sophisticated that security practices cannot prevent all attacks, and, plainly, TalkTalk won’t be the last company to experience a breach of this nature. But there are clearly defined steps that businesses can take to mitigate the impact of an attack or a breach – and make a tangible difference to their cyber defence preparedness. Tools such as CDCAT make the complex world of cyber security more accessible and easier to understand, shifting the discussion away from technology towards management and business practices. This in turn helps directors to identify vulnerabilities in their systems, processes and practices and to define strategy to mitigate risks to critical information assets,” he concluded.

ENDS

NOTES TO EDITORS
More information about CDCAT

About APMG International
APMG International is a global examination institute specialising in professional certifications. Our portfolio includes the prestigious Certified Cyber Professional (CCP) and GCHQ Certified Training (GCT) schemes, CDCAT® - the unique Cyber Defence Capability Assessment Tool and a host of industry recognised certifications; ISO/IEC 20000, ISO/IEC 27001, COBIT®5, IAITAM®, OBASHI®, RESILIA™ and many more.

https://apmg-international.com/products-search/60
@Cyber_APMG

Originally published 29 October 2015

 

 

RELATED PRODUCTS

AI Practitioner (AIP) Programme

Artificial Intelligence Practitioner Certification (AIP)

Learn how to use AI to reach your goals and reshape the way you work with the Artificial Intelligence Practitioner certification.

View more
CDCAT® Classic Assessment

CDCAT® Classic Assessment

Our cyber security risk assessment helps you identify the cyber risks facing your business and make an action plan.

View more
Large pile of timber logs perfectly stacked

ISO/IEC 27001

Demonstrate exemplary management of information security

View more
Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Seleccione cualquier filtro y pulse Aplicar para ver los resultados