Cyber security is not a sprint, it's a marathon. It is neither a product nor a state; it is an ongoing process that needs to be strategically put in place within a company by top management – at the board of directors and senior management level. Why is that? These days, cyber risks are rated as the greatest threat to companies; and they are a substantial part of business risk. They can no longer be delegated to the IT department for them to deal with on their own. This means that cyber resilience must be on the agenda of the company’s leadership. The board of directors and the senior management play a key role that must not be underestimated. Find out what this is and how to navigate successfully in our Cyber-Resilience-Guide.
Once again, cyber criminals are increasingly targeting companies. There are multiple reports in the press and on social media, and there is no end in sight to this negative trend – quite the opposite in fact. Recent studies show that over 60% of Swiss companies have been victims of cyber crime in the past year alone. In comparison to other countries in the DACH region, Switzerland is still more or less getting off lightly: in Germany, 67% of companies have been victims of a cyber attack, and in Austria the figure is 84%. The number of unreported cases is likely to be much higher. What is particularly worrying is that, in our experience, the size of the company no longer matters, so you and your company could be hit at any time.
Cyber security is a central issue and is crucial to a company's business success. The effects of cyber attacks are extremely serious and can often even threaten a company's very existence, so it is unsurprising that numerous companies impacted by them have already been forced to file for bankruptcy. SMEs in particular are not out of danger when it comes to cyber attacks. In addition to the financial impact, they can also lead to other, very diverse consequences:
Given this precarious risk situation alone, cyber resilience needs to be on the agenda of the board of directors and senior management team of every company. But what exactly does cyber resilience mean? By it, we mean the merging of cyber security, risk management, business continuity and resilience practices that enhance a business's ability to withstand and recover from a cyber attack.
According to the Swiss Code of Obligations (CO), as a member of the board of directors and the senior management team, you have a particularly decisive and responsible role: to develop an integral risk management system, to implement it successfully in the company and to monitor it. The question now is: what is the situation in your own company when it comes to these matters?
Don't worry if you don't have a definitive answer. We are here to help you with that. In this article, we focus on what you, as a board member, need to do prior to a security incident. We're going to concentrate our full attention on prevention. In our Cyber-Resilience-Guide, which we have developed especially for boards of directors and management boards, you will find out about complete all-round protection, and we focus on your entire area of responsibility in terms of cyber security. By this, we mean what you need to do before, during and after a security incident. Our goal, and our expectation of you, is that you achieve a high level of cyber resilience in your company.
It must be admitted that the demands are as big as your responsibilities. However, it is obvious that it is not your job at the operational level to implement all of this or even to know about the latest technology. Ideally, you are able to rely on the team of experts around your CIO and CISO for that. It is critical for you to be able to get information from your IT and security managers by using targeted questions that will enable you to assess how resiliently and effectively your organisation can withstand cyber threats, or where you may need to intervene and respond. Consequently, cyber resilience is also a great strategic opportunity for your company to set itself apart from your competitors, as well as to boost the trust of your customers, suppliers, partners, investors, employees and other stakeholders by having managed a cyber incident in a professional manner. But it is not nearly enough to focus on defence alone. It is much more important to strengthen your overall resilience, to recognise attacks promptly and react even faster. We urgently recommend that you get an experienced, competent partner on board who can provide you with professional support in exactly this kind of situation. As Dr Stephan Wartmann, CEO of BRUGG GROUP AG, puts it:
It is definitely worth aligning your cyber strategy with resilience. To ensure that you are able to do full justice to your board and management duties, we recommend the following approach:
In the guide, we have laid out these three success factors for you in detail. Now let's go one step further. A checklist is intended to help you assess for yourself your company's resilience. Ideally, you should be able to answer all of the following questions with a definite “yes”. Here are our “top 6” points:
Be honest now: how would you rate cyber resilience in your company? You can find the complete self-assessment checklist in our Cyber-Resilience-Guide.
Cyber risks are a matter for the boss. We would be happy to support you in your critical task of establishing an effective security strategy and achieving the best possible cyber resilience. Our experience, and in particular the positive feedback from our customers, has shown that a personal, face-to-face dialogue is the most effective way of achieving this. By sharing our experiences, we will show you where and what the biggest challenges and threats are in the cyber security ecosystem. Schedule your preferred date now. We look forward to the discussion!