skip to log on skip to main content
Article related to:

Technology

PODCAST: the gap between boards and cyber risk

Security Capability Uplift Manager, ANZ

2017-12-06 11:14

There’s still work to be done around properly educating company boards on the risks associated with cyberattacks, according to Ian Yip, Asia Pacific Chief Technology Officer at security software group McAfee.

Speaking to bluenotes on podcast, Yip said while visibility on the issue had improved at board level, the deeper challenge was technical comprehension.  

" Awareness doesn’t mean they actually understand it." - Ian Yip

“Board visibility and awareness around cybersecurity and cyber risk is a lot better today than it used to be,” he said. “Now, that awareness doesn’t mean they actually understand it.”  

“So there’s a bit of work to be done in telling them what it actually means.”

{CF_AUDIO}

Yip said often boards are briefed about risk exposures but it is vital to make sure it’s done in plain language.

“That’s what a lot of security teams have issues with – translation,” he said.  “Particularly the technical teams on the ground… telling people who aren’t necessarily technical… what it does for the risk profile and the things that can happen if a breach occurs.”

Yip said appropriate corporate spend on cybersecurity varied depending on sectors.

“It can be anywhere from 3 per cent of the IT budget up to about 10, 15, 20 per cent,” he said. “There are arguments for what’s appropriate and what isn’t.”

“I think it comes down to the risk profile.”

Yip also touched on the questions boards should be asking their technologists about cybersecurity and what they should be being briefed on. Listen to the podcast above to find out more.

Paul Burrow is Security Capability Uplift Manager at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

anzcomau:Bluenotes/technology-innovation,anzcomau:Bluenotes/Leadership-and-Management
PODCAST: the gap between boards and cyber risk
Paul Burrow
Security Capability Uplift Manager, ANZ
2017-12-06
/content/dam/anzcomau/bluenotes/images/articles/2017/December/ANZ Blue Notes Generic0026.jpg

EDITOR'S PICKS

Top