PODCAST: the gap between boards and cyber risk

There’s still work to be done around properly educating company boards on the risks associated with cyberattacks, according to Ian Yip, Asia Pacific Chief Technology Officer at security software group McAfee.

Speaking to bluenotes on a podcast, Yip said that while visibility on the issue had improved at board level, the deeper challenge was technical comprehension.

“Board visibility and awareness around cybersecurity and cyber risk is a lot better today than it used to be,” he said. “Now, that awareness doesn’t mean they actually understand it.”  

“So there’s a bit of work to be done in telling them what it actually means.”

Yip said boards are often briefed about risk exposures, but it is vital to make sure this is done in plain language.

“That’s what a lot of security teams have issues with – translation,” he said. “Particularly the technical teams on the ground… telling people who aren’t necessarily technical… what it does for the risk profile and the things that can happen if a breach occurs.”

Yip said appropriate corporate spend on cybersecurity varied by sector.

“It can be anywhere from 3 per cent of the IT budget up to about 10, 15, 20 per cent,” he said. “There are arguments for what’s appropriate and what isn’t.”

“I think it comes down to the risk profile.”

Yip also touched on the questions boards should be asking their technologists about cybersecurity and what they should be briefed on. Listen to the podcast above to find out more.

Paul Burrow is Security Capability Uplift Manager at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
