Cybersecurity is a core business risk that can impact the entire organisation. Boards are challenged to understand how cyber threats impact financial performance, reputation, and regulatory obligations. Boards need to build awareness of their organisation’s cyber security posture, protection measures, and incident response protocols.
In this podcast, Dr Sabine Dembkowski, Founder and Managing Partner of Better Boards, is joined by Beatrice Devillon-Cohen. Beatrice has over 25 years of investment banking experience, having led traders’ teams across the UK, Europe, Asia, and the US. She has now developed a portfolio of non-executive positions, having recently served on the Audit Committee of the European Investment Bank and the Finance Committee at King’s College, London.
“The Rule of Three is important when it comes to cybersecurity.”
As Boards seek to manage and survive cyber threats, the Rule of Three comes into play. On average, in a cyber event, there are three days of chaos, three weeks of systems rebuilding, and three months of constant IT problems.
“What has been changing over time is the cyber-criminal groups. They are now running their operation as a business, selling cyber attacks as a service.”
The criminal ecosystem has gone professional. While there will always be bored teenagers or disgruntled employees, the more serious players run their operations like business ventures. They sell cyberattacks as a service, backed by deep resources, skilled talent, and vast networks.
“You need to work on mitigation, responding to an attack, and recovering. That's your battleground.”
While cyber threats can’t be entirely avoided, Beatrice counsels Boards not to despair. There is plenty that can be done. It begins by understanding how threats work.
A primary attack path is through links in emails. One click installs malware that hackers can use for access. Caution and education can help prevent this.
Another primary attack path is third-party providers. External suppliers are compromised and used as a bridge into your own internal system.
“Never hope for the best when it comes to cybersecurity, because hope will not be a strategy.”
Boards are accountable for cyber risk oversight (see the UK Cyber Governance Code of Practice). They need to make it a strategic priority. Build relationships with IT heads, show curiosity, and build trust.
Get a strong dialogue going. Educate within the organisation and with third-party partners. Create a no-blame culture so that if something happens, it is escalated immediately, which can limit its impact.
“It's our own duty to upskill, stay current, and think around the corner on that subject, like any other subject in the boardroom.”
Cyber culture starts at the top. It is not “too complicated” to pick up basic cyber safety skills or understand risk. Plus, with AI and quantum computing on the horizon, any actions Boards can take—and lead their companies to take—will help prepare for future risks.
The three top takeaways from our conversation for effective boards are:
1. Cyber risk is a business risk. Own it as such.
2. Don't hide, as a Board member, behind “it's too technical and not for me”. Upskill, be curious, and engage with executives.
3. Prepare for it. Run exercises and test regul
If you would like to become part of the Better Boards community, learn about our distinctive approach and explore opportunities to work with us or contribute to The Better Boards podcast series, get in touch at info@better-boards.com. We love to hear from you.