Business Express is an online portal that covers the latest developments in the world of business and finance. From startups and entrepreneurship to mergers and acquisitions, Business Express provides reporting on the stories that matter most to business leaders and decision-makers.The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
attack My0eKSPd
attack My0eKSPd

How to secure board engagement in strategic cyber discussions

Businesses who don’t invest in cybersecurity face risk of huge financial and reputational damage


London, 6 July 2021: The pandemic has raised the threat of cyber attacks for businesses. Many reports show an alarming increase in incidents in the last year, with the attack methods of cyber criminals becoming increasingly sophisticated. Despite this, boards are still not taking the initiative when it comes to cyber security.

With this in mind, Ash Patel, Head of Cyber at ECI Partners, the leading growth-focused mid-market private equity firm, who advises the boards of the portfolio on how to identify and understand the scale of the cyber risks they face, shares his thoughts on how businesses can mitigate the cyber risks facing their operations.

Why CEOs should care?

Four in 10 businesses suffered a breach or attack last year; of those, more than a third reported negative impacts, ranging from financial loss to business disruption. However, the consequences of a cyber attack go well beyond that, businesses could face:

  • Loss of crucial intellectual property to a rival, allowing them to secure a competitive advantage
  • Punitive regulatory sanctions with fines of up to 2% of a company’s global revenues, as mandated under the General Data Protection Regulation (GDPR)
  • Reputational damage and loss of customer revenue with more than one in four consumers stating they would stop doing business with a company following an incident compromising their data security or privacy

Ash Patel, Head of Cyber at ECI Partners, comments:

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.

“The financial and reputational fallout from a cyber attack can create huge problems for mid-sized businesses. And with cyber crime showing no signs of slowing down, it’s imperative that businesses understand the threat and are proactive in mitigating the dangers.”

“Tackling these risks is not a one-size fits all approach. Businesses need to identify the gaps in their own cyber security defences, make their own decisions about acceptable risks, and find the right strategies to counter them.”

How CTOs can push cyber security up the board agenda

In order to truly protect the business from breaches and attacks, it’s important that the board makes cyber security a priority. CTOs have a responsibility to make this happen, and the best way of achieving this is:

  1. Talk to boards in the language of the business
    Technical IT jargon is far less likely to resonate strongly with the board than a discussion about how cyber attacks threaten the business’s value story.
  2. Focus on future proofing as well as today’s operations
    It is important to not overlook the threat that cyber poses to innovation. Boards’ efforts to pursue a digital agenda may be undermined by cyber risk if it is not properly understood and planned for.
  3. Concentrate on areas of weakness
    Conducting cyber gap analysis, which focuses on the areas of risk where controls are often weaker and take steps to mitigate these specific risks. For example, the human link is often one of the weakest, so firms should invest in regular staff training to mitigate these
  4. Learn from experience
    Spend time discussing incident reports with the board, focusing in particular on what the company has learned – and what is required to prevent a reoccurrence of that type in the future
  5. Agree on targets and monitoring
    With a set of key performance indicators included in each board pack, the board will have a clear view of how the company is performing and where they might need to divert more resource to

Ash Patel continues:

“Cyber security, and the risk management associated with it, is and should be a board level responsibility. For businesses that don’t have their own cyber team or specialist, it falls to the CTO to work with the board, to educate them on the risks, strategy, performance indicators and reporting.”

“Once CEOs and the board have a full grasp of cyber in context of their business, they will be better equipped to not only protect against and properly handle potential attacks, they will also be able to pursue the business’s digital transformation and growth priorities.”

Recent Post: