Board of Cyber

I have a lot of sympathy for UK boards of directors. UK boards of directors have had cyber pushed onto their agenda by the government, regulators and the Financial Times for several years. Unfortunately many board members are often ill-equipped to fully understand the executive decisions regarding cyber they have now…

Follow the Money

When we talk about security with the business we need to talk about money. I have occasionally run into colleagues whose answer to risk-based governance approaches and performance-based management approaches has been to say “Show me the money!”. I understood their desire to see security operate in the language of…

Cyber Exercising

Cyber Exercises are a powerful and valuable tool but it is easy to confuse what we mean. I was a member of the Scenario Design Group for the Bank of England’s Waking Shark 2 cyber exercise this year. It was a fascinating experience, seeing how the top cyber/technology risk people…

Cyber’s Dirty Secret?

In 2011 the U.S. Securities and Exchange Commission (SEC) issued guidance on the disclosure of Cyber risks and Cyber incidents where they may significantly affect the risk of investing in the company reporting to the SEC. This was controversial at the time and has led to an interesting revelation recently; many of the biggest…