The Need for a Cybersecurity System in an Organization
Date: 22 January 2019
To: The Board of Directors
Subject: Recommendations on the application of cyber resilience protocols
Respected Sirs,
As asked by you, I have prepared a report on the matter of the cybersecurity and resilience protocol of the organization. The report is attached herewith as Annexure “A” and it is hoped that the same would fulfil the purpose.
Thanking you,
Anni Watson
Corporate Governance Consultant
In the current era, the use of technology in business is commonplace. In the context of an organization, technology refers to computers, databases, the internet, networks and so on (Learn.org, 2019). Organizations use these technologies to reduce human effort and to obtain more productivity from their business activities. An organization enjoys many benefits from these technologies; nevertheless, such use also has a negative side. The use of technology brings certain dangers for the organization, which are closely related to cyber-attacks. A cyber-attack can be understood as an attack on a computer system or network with the intention of destroying or damaging it. A cyber-attack can take many forms, each of which has negative results for the functioning of an organization (Lehto and Neittaanmäki, 2018). Hacks and data breaches are the most common cyber threats that an organization faces. In order to protect local networks and databases from such attacks, a proper cybersecurity system is required in an organization. In this manner, the management of an organization is responsible for ensuring accountability, integrity and confidentiality in the use of technology.
A review of cyber-attack cases on a daily basis makes it clear that hackers are developing their techniques day by day, and therefore the cybersecurity system of an organization must be capable of mitigating the risks arising from hacking incidents. This report is targeted at briefing the board on the different elements of cybersecurity in the organization. The meaning of cyber resilience, the requirement for it and the role of the board are covered in the report. In conjunction with this, a set of recommendations is provided for the board of directors, which they can use while integrating a cybersecurity protocol.
A cybersecurity system refers to the protection of internet-connected systems (Economictimes.indiatimes.com, 2019). This also includes the protection of data, software and hardware from cyber-attacks. The lead objective of such a system is to safeguard data centres and other computerized systems from unauthorized access and other kinds of cyber-attack (Rouse, 2018). Every organization has a different cybersecurity system according to the nature of its business operations.
It is also necessary to know what the requirement for a cybersecurity system is. The role of the cybersecurity system is crucial in every organization. In the world of technology, the data of any business is held on and secured by computer systems. A cyber-attack can destroy all of this information within a few seconds. The need for cybersecurity is not limited to the protection of business information but extends to information relating to clients and other stakeholders (Pribanic, 2018). Organizations hold huge amounts of data on their systems, and therefore the development of cybersecurity is an essential act. The following are some of the incidents that can happen in the absence of a cybersecurity system:
- Financial fraud
- Loss of privacy
- Manipulation of data
- Reputational damage
In addition to the aforementioned issues, the protection of intellectual property rights is also a concern. Hackers often breach the privacy of others and use their intellectual property under their own name. The public places trust in an organization, and that trust is breached when an issue of data leakage comes to notice. To prevent the aforesaid as well as other issues in the organization, a cybersecurity system needs to be in place.
What is Cyber Resilience?
Before providing the recommendations to the board in respect of the integration of cyber resilience protocols, it seems important to look at this term once. It is a relatively new term and is similar to cybersecurity. However, there is a difference between cybersecurity and cyber resilience (Shoemaker, Kohnke and Sigler, 2018). According to the definition provided by the Australian Securities & Investments Commission, cyber resilience is the ability of an organization to:
- Prepare for
- Respond to, and
- Recover from a cyber-attack
Resilience is not limited to the prevention of a cyber-attack; it also includes the ability of an entity to operate during a cyber-attack and to recover from one (Senseofsecurity.com.au, 2019). Cyber resilience is therefore helpful to an organization in the event of a cyber-attack.
Common Types of Cyber-Attacks
A cyber-attack can take many forms, and the cybersecurity manager of the organization is required to be aware of them. Each can lead to economic as well as reputational damage to the organization. A few of the most common kinds of cyber-attack are discussed below:
- Phishing: This is the most general kind of cyber-attack. The lead victims of this fraud are innocent individuals who are not well versed in technology. In this kind of cyber fraud, hackers send e-mails or text messages that look like messages from authentic sources (Incapsula.com, 2019). Nevertheless, these e-mails actually come from fraudulent sources, and their lead purpose is to steal personal and sensitive data, for instance login credentials and credit card details (Rost and Glass, 2011). By way of phishing, a hacker can obtain the details of the clients, customers or suppliers of an organization.
- Malware: The lead intention of this cyber-attack is to harm a computer system or network by using a program or a file. Such programs and files are known as malware. Spyware, Trojan horses, worms and computer viruses are examples of malware (Parkinson, Crampton and Hill, 2018). Malware usually enters a system when a user clicks on a dangerous link. The damage done by malware is the potential basis for extracting information from a system.
- Password attack: Organizations usually keep confidential data secured with a password. In such a situation, the possibility of password attacks is very high. Hackers require a password to access the client database, payment details and other sensitive information. Hackers generally use a script or program to crack passwords (Mittal, 2018).
- Social media threats: Organizations these days use social media as a method of business promotion. Companies address public information through this mode, but the same can prove dangerous for the entity (Frias and Cordero, 2018). With the use of social media, the number of social media threats is also increasing. Hackers can create a fake account in the name of the company and obtain confidential information from partners and other stakeholders. Such attacks are also a risk to the reputation of the company, as hackers post information that leads to adverse results for the public image and goodwill of the organization.
The above are only a few examples of cyber-attacks. In actuality an organization faces many other challenges related to the security of its network systems, such as identity theft, e-mail bombing and many others. In addition, cyber-attacks also increase other crimes in the organization, such as internal fraud, money laundering and others.
With the development of corporate governance principles by the Australian Stock Exchange, it is now the responsibility of the board of directors of a company to ensure the development of good governance. All stakeholders look to the management of the company for best practice. The board of directors is the body responsible for good as well as bad corporate governance, and therefore it is required to work in the best possible mode and manner. Data security is just another area of operation where the best judgment rule of the board is required. Regulators expect the board as well as the overall management of the company to plan their cybersecurity structure in an intelligent and effective manner. In recent times, APRA as well as ASIC have issued certain guidelines in order to improve corporate resilience (Kommers, Isaias and Issa, 2014). In this manner, it seems necessary to develop cybersecurity at board level. Apart from ASIC and APRA, the World Economic Forum is also working in the sector of organizational cybersecurity and has issued tools and principles for boards to advance cyber resilience (Schwab and Davis, 2018). The tools offered by the Forum are mainly focused on governance and strategy. The board of the company has significant governance functions, which include the governance of the overall organization. To initiate the cybersecurity and resilience protocol effectively at board level, certain recommendations have been made, which are as follows:
- Responsibility: The board of directors is required to take responsibility for cyber resilience. The board is the highest management body of an organization and in that capacity should take ultimate responsibility for cybersecurity (Bloomberg.com, 2017). Here, the board is recommended to set out the scope of cyber resilience, and it can also form committees, such as a cyber resilience committee, to oversee the related activities. The responsibilities and functions of all personnel should be clearly defined at executive as well as operational level.
- Regular updating: The board should keep itself updated on the latest cyber-attacks; in other words, it should have the latest knowledge of the subject. If the members of the board find themselves unable to keep up to date with the latest trends, they are advised to take the help of an independent or outside expert.
- Integration with overall governance: The board needs to recognize that cybersecurity functions are also a part of corporate governance and should form part of the overall corporate governance structure. In other words, the board should consider cybersecurity as one of the activities of the company when allocating the budget and reviewing the risk management system of the entity.
- Accountable officer: In order to ensure continued corporate survival and improved business performance, the board is advised to make one person responsible for the reporting and review of matters related to cybersecurity. Although the whole board is responsible for reviewing issues related to cyber-attacks, appointing a person particularly for this purpose, or making one person accountable, can smooth the practice at board level.
- Risk assessment: The development of cybersecurity protocols alone is not enough; their assessment is equally significant. The board is required to instruct the accountable officer to prepare a risk assessment report for the board's consideration. In this manner the board holds the manager responsible for reviewing all cyber-attack incidents and threats in a timely manner and for preparing a quantified report on them.
- Risk appetite: The board is required to review the risk tolerance level of the organization with respect to cyber-attacks in a timely manner. The board is further to ensure that cyber-attack events remain within the limits of the set standards (Weforum.org, 2017). In addition, the board is advised to review past as well as future risk exposures in a timely manner, along with industry benchmarks and regulatory requirements.
- Review: Like every other managerial plan and practice, cybersecurity protocols and practices are also required to be reviewed. The lead purpose of this review is to check the successes and failures of the cyber resilience protocols. With the help of this review, the board can come to know about the gaps in the present system. Further, such a review should not be a one-time process but is required to be continuous.
- Amendments: After reviewing the loopholes and failures of the current cybersecurity policy, the board will be able to make changes to it. Here it becomes the responsibility of the board to make amendments wherever required and to communicate them to all the people involved in the process.
The above points are simply recommendations, and the views of the directors are invited on them.
Conclusion
To wrap up this report, after reviewing it one is expected to understand the value of cybersecurity in the organization. In a world full of technology, the chances of cyber-attacks are very high. Organizations from every industry are facing the issue of system failure and suffering economic as well as goodwill losses. Hackers these days are smart and up to date, and therefore the traditional methods and techniques seem to fail. The report developed here focuses on many terms related to the topic. Starting from a general introduction, the meaning of and requirement for a cybersecurity system have been discussed. Assuming that the chairperson as well as the other board members have a basic knowledge of the technical terms, their meaning has not been set out. Further, some basic kinds of cyber-attack have been discussed in the report, as the board is required to be aware of them; among these, a few such as malware, phishing and social media threats have been defined in detail. All this information has been included in the report with the purpose of making the board well versed in the related terms. Further, while describing the role of the board in cyber resilience, recommendations have been made for the board. These recommendations are generally the activities that the board is advised to undertake while dealing with the issue of cyber-attacks and implementing cybersecurity policies. Some of the means that have been suggested are risk assessment, regular updating, review and so on. By using these means and practices, the board can best integrate its cybersecurity and resilience protocols.
References
Bloomberg.com. (2017) Advancing Cyber Resilience: Principles and Tools for Boards. [online] Available from: https://www.bloomberg.com/news/sponsors/zurich/advancing-cyber-resilience-principles-and-tools-for-boards/?adv=6712&prx_t=ppUCA7aYMAM0ANA&ntv_fr [Accessed on 23/01/2019]
Economictimes.indiatimes.com. (2019) Definition of ‘Cyber Security’. [online] Available from: https://economictimes.indiatimes.com/definition/cyber-security [Accessed on 23/01/2019]
Frias, T., and Cordero, J. (2018) Cybersecurity: On Threats Surfing the Internet and Social Media. Telly Frias Jr Cordero.
Incapsula.com. (2019) Phishing Attacks. [online] Available from: https://www.incapsula.com/web-application-security/phishing-attack-scam.html [Accessed on 23/01/2019]
Kommers, P., Isaias, P., and Issa, K. (2014) The Evolution of the Internet in the Business Sector: Web 1.0 to Web 3.0. USA: IGI Global.
Learn.org (2019) What Is Computer Internet Technology?. [online] Available from: https://learn.org/articles/What_is_Computer_Internet_Technology.html [Accessed on 23/01/2019]
Lehto, M., and Neittaanmäki, P. (2018) Cyber Security: Power and Technology. Switzerland: Springer.
Parkinson, S., Crampton, A., and Hill, R. (2018) Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Switzerland: Springer.
Pribanic, E. (2019) Role of Cybersecurity in an Organization. [online] Available from: https://www.techfunnel.com/information-technology/role-cyber-security-organization/ [Accessed on 23/01/2019]
Rost, J., and Glass, R. L. (2011) The Dark Side of Software Engineering: Evil on Computing Projects. John Wiley & Sons.
Rouse, M. (2019) Cybersecurity. [online] Available from: https://searchsecurity.techtarget.com/definition/cybersecurity [Accessed on 23/01/2019]
Schwab, K., and Davis, N. (2018) Shaping the Future of the Fourth Industrial Revolution: A guide to building a better world. UK: Penguin UK.
Senseofsecurity.com.au. (2019) What is Cyber Resilience?. [online] Available from: https://www.senseofsecurity.com.au/what-is-cyber-resilience/ [Accessed on 23/01/2019]
Shoemaker, D., Kohnke, A., and Sigler, K. (2018) How to Build a Cyber-Resilient Organization. NW: CRC Press.
Weforum.org. (2017) Advancing Cyber Resilience Principles and Tools for Boards. [online] Available from: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 23/01/2019]