What can boards do in the event of a cyber security breach?

Effective Board Responses in the Event of a Cybersecurity Breach

Cybersecurity breaches that compromise sensitive data or disrupt operations are unfortunately a growing governance threat. Boards play a vital role in crisis response to address immediate impacts while providing strategic guidance to strengthen defenses long-term. This article explores the board-level actions that uphold these responsibilities during breach events.



Understanding the Breach

Initial crisis response begins with the board rapidly developing a complete understanding of the breach situation including:

  • How the breach occurred and which systems/data were impacted based on technical forensic analysis. Was it phishing, unpatched software, misconfigured access or insider actions for example?
  • Determining the scope of compromised information or disrupted operations based on containment and impact assessments. Were customer records, intellectual property or operational systems affected?
  • Who has been notified both internally and externally thus far and what public messaging has occurred?
  • Which response activities are already underway by management or external experts?
  • What are the immediate regulatory notification and public disclosure obligations based on the preliminary assessment?

Armed with a clear picture, boards can deliberate the appropriate response strategy.

Crisis Communications Response

Boards oversee development of robust crisis communications plans encompassing:

  • Clear escalation protocols ensuring swift board notification when incidents occur.
  • Guidance for internal communications to reassure the workforce while maintaining focus.
  • Timely external notifications to customers, regulators, partners and insurers as required.
  • An organisational spokesperson to manage press inquiries and social media consistently.
  • Key messaging balancing transparency, compassion, accountability and resolve.
  • Ongoing stakeholder updates as the investigation and recovery progress.

Thoughtful crisis communication upholds reputation and trust.

Recovery Planning

Boards probe and support business recovery plans to restore capabilities compromised by the breach:

  • Disaster recovery plans enacting backup systems where feasible to enable continuity of critical operations.
  • Containment strategies isolating and decontaminating infected systems based on forensic analysis.
  • Data restoration from backups or other sources to regain access to encrypted information.
  • Temporary business process workarounds where needed before systems are restored.
  • Steps to verify integrity of data and transactions during the breach period after recovery.
  • Alternate infrastructure arrangements if internal systems require prolonged restoration.

Robust technical and operational recovery protects stakeholder interests.

Accountability Review

Once the immediate crisis stabilises, boards launch a comprehensive accountability review to identify root causes and shortcomings enabling the breach. The evaluation examines:

  • Technical root cause based on forensic investigation – unpatched systems, inadequate access controls, social engineering etc.
  • Personnel issues like negligence, inadequate training or sabotage that may have contributed.
  • Security program deficiencies – outdated tools, incomplete data classification, poor risk analytics.
  • Organisational culture shortfalls – inadequate focus on security, fear of highlighting risks.
  • Prior warnings or audit findings that were ignored or under-resourced.
  • Executive leadership commitment shortfalls regarding security prioritisation.

An objective accountability review shapes remediation priorities. Boards may engage external experts to facilitate impartiality.

Strengthening Cyber Defenses

Boards guide management actions to address identified accountability issues and bolster cyber defenses for the future. Enhancements may include:

  • Increased security staffing, tools and awareness training to strengthen risk mitigation.
  • Improved access controls, encryption, multi-factor authentication and segmentation to secure crown jewels.
  • Enhanced risk analytics leveraging threat intelligence to sharpen monitoring.
  • Modernised legacy systems and strengthened patch management.
  • Culture focus reinforcing vigilance, speaking up about risks and learning from incidents.
  • Independent reviews to validate improved security program maturity against leading practices.

A breach presents impetus to implement strategic security upgrades.

Industry Collaboration

Boards can direct management to share anonymised insights with industry groups, regulators and government agencies. Collaborative learnings amplify protection across sectors against common adversaries. Testifying before legislative bodies also advocates for policy changes to increase cyber resilience.

Long-Term Vigilance

Reinforcing the message that security requires constant leadership commitment prevents complacency from re-emerging over time once a crisis stabilises. Maintaining funding, focus and transparency sustains enhancements implemented. Ongoing board oversight evaluates whether executive vigilance withstands competing priorities as memories of the breach recede.


Rapid yet thoughtful crisis response coupled with accountability-driven remediation enables boards to uphold obligations during cyber breach events. But equally crucial is guiding executives to sustain security prioritisation long after threats fade from headlines. Maintaining this governance commitment to enhancing defenses determines organisational cyber resilience.
