Cybersecurity is still too often overlooked in business strategy
No board member with a background in IT security in BEL20 (Press release)
Apart from knowledge of GDPR, no BEL20 board member has a clear background in information and cybersecurity. This can be seen in a profile analysis of all board members of the BEL20 companies. “Insufficient technical knowledge in the boards of companies ensures that the risks of cybersecurity are underestimated and organisations remain vulnerable,” says Toreon CEO Sebastien Deleersnyder.
Invest more in cybersecurity knowledge
Without sufficient technical knowledge, the Executive Board does not adequately assess the risks of cybersecurity. Previous international research confirms this, showing a major discrepancy between Chief Information Security Officers (CISOs) and the Executive Board.
Sebastien Deleersnyder, CEO at Toreon: “It is the responsibility of the Board of Directors to assess the risks and hold management accountable for them. We often see that, due to a lack of experience, too little attention is paid to cybersecurity or that the concerns of the CTO are not sufficiently heard. However, the consequences of a cyber attack or a data breach can be catastrophic.”
According to Deleersnyder, more should be invested in cybersecurity knowledge on boards of directors and, where possible, boards should be as heterogeneous as possible, with members who have a cybersecurity background also represented.
“Cybersecurity should be an inherent part of the business strategy and is best developed at the highest level. Not only BEL20 companies, but all companies that process sensitive data and personal data in a digital environment should be aware of the risks. As long as cybersecurity is not an integral part of the priorities of the board of directors, companies remain vulnerable,” says Deleersnyder.
In the short term, better reporting by the CISO or CTO to the board of directors can help. Directors of companies that process a lot of data should therefore preferably be trained in cybersecurity.
Profile analysis of the BEL20 boards of directors
Recent ransomware attacks on Belgian companies show that cybercrime is not a purely international phenomenon. The Centre for Cyber Security reported 4,500 cyber attacks on companies in 2019, a threefold increase compared to the previous year and a number that is much higher in reality.
To frame how companies assess those risks, cybersecurity company Toreon made a profile analysis of the members of the Boards of Directors of the BEL20 companies. This shows that, apart from knowledge of GDPR, not a single BEL20 board member has a clear background in information and cybersecurity. At 1 in 4 of the BEL20 companies, it is not clear whether directors have ever even come into contact with IT. Specialist companies in particular, such as those in the life sciences sector, often choose only experts from their own field to sit on the board.