Call for global firms to lead on cyber-security
A report from the International Bar Association (IBA) has urged leaders of large global companies to be proactive in establishing frameworks and strategies to deal with cyber-attacks.
The lawyers’ group says that abiding by guidelines and standards developed by national regulatory bodies “no longer secures companies”.
The report, entitled Global Perspectives on Protecting Against Cyber risks: best governance practices for senior executives and boards of directors, examines existing cyber-security threats and outlines steps that companies can take to strengthen their cyber-risk governance.
‘Widely varying’ practices
Drawing on sources across ten jurisdictions, it highlights the “widely varying” cyber-security practices across regions due to differences in regulatory capabilities.
The IBA calls for “large-scale leadership” on the issue, and urges firms to set their own guidelines and standards apart from national legislation.
The report acknowledges the shared accountability between senior management and boards of directors to tackle cyber-security risks, and provides a number of recommendations to both parties:
- Understand the cyber-risk profile of the organisation,
- Ensure that the board and management have sufficient cyber-security expertise,
- Ensure appropriate reporting lines, so that cyber-risks are raised to leadership,
- Invest sufficient funds to meet cyber-security goals, and
- Review, understand and test the organisation’s cyber-incident response plans.
Board’s role ‘critical’
The report states that the role of senior management in day-to-day operations positions them well to map cyber-security risks and identify high-priority concerns. It says that senior managers are best placed to select the ideal policy for their organisation, and are also responsible for ensuring internal compliance.
The report adds, however, that having a “well-advised and attentive” board with a thorough understanding of the financial and legal risks associated with poor cyber-security practices is “critical” for organisations.
It points out that recently enacted legislation in Australia, Germany, the UK and the US holds boards directly accountable for cyber-security oversight.
The ten jurisdictions covered in the report are: Australia, Brazil, Denmark, Germany, India, Israel, Singapore, Uganda, the UK and the US.
In Ireland, an EU directive transposed into Irish law in 2018 places a number of obligations on the State and businesses in relation to cyber-security.
Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland