Boardrooms need to change their attitude if they are to protect themselves against cyber attacks, as security breaches within companies continue to rise and the cost to British business reaches billions of pounds, according to guidance published today by the Institute of Chartered Secretaries and Administrators (ICSA).
Commissioned by the UK Department for Business, Innovation and Skills (BIS), ICSA has produced a Guidance Note, with contributions from industry experts, to place cybercrime firmly at the top of the boardroom agenda. The report identifies four key challenges for board members:
• Understand cyber risks particular to the company
• Allocate a budget to cyber crime prevention
• Focus on building resilience to attacks that get through the system, rather than preventing all attacks
• Identify a director responsible for the oversight of the company’s cybercrime strategy
Seamus Gillen, Director of Policy at ICSA, said: ‘Cybercrime relates to economic crime committed using the internet and computers. It is not just another risk. Nor is it simply an IT issue which can be resolved by investing in technology alone. When, not if, this risk crystallises, it could destroy a company. This is a mainstream board issue.’
Gillian Prestwich, Chair of ICSA Isle of Man Council, said: ‘This is an issue equally relevant here in the Isle of Man and we recommend this Guidance Note to all of our Isle of Man colleagues.’
The Guidance Note points out that the internet provides an anonymous and profit-making play area for cyber criminals, including organised gangs engaging in fraud and theft of money, employees causing damage accidentally or deliberately, competitors trying to gain an edge by accessing confidential data, organisations seeking to destabilise economic activity through sabotage and/or cyber espionage, and computer hackers or hacker activists promoting an agenda.
David Willetts, UK Government Minister for Universities and Science, said: ‘Businesses are at more risk of cyber attack than ever before, putting valuable assets like financial data and intellectual property at risk. However, as the guidance shows, there are simple steps that can be taken to improve cyber security and protect their bottom line.’
Cyber criminals can carry out an attack remotely, in a single hit or over a period of time. ICSA emphasises that companies may not be aware of their vulnerability to cyber activity and often may not even be aware they have been attacked for some time.
Gillen said: ‘The impact of an attack can be disastrous financially and reputationally. Companies may not have sufficient in-house expertise to devise a cybercrime strategy and should, if necessary, seek external advice.’
To conclude, the Guidance Note emphasises that the assessment of an organisation’s risk profile should be carried out across the entire company, covering human resources, finance, IT, marketing and legal. The evaluation should also analyse the liabilities which third party providers and company suppliers bring. The Company Secretary plays a vital role in making sure the strategic importance of cybercrime is recognised through the frequency and adequacy of risk reports delivered to the board and audit committee.