Cyber  |  Data and digital

Cyber risk management: insights from the Cyber Pulse check

SHARE
LinkedIn
Twitter
Facebook
Email

Cyber risk management: Insights from the joint NEDonBoard and Cyemptive Cyber Pulse Check

NEDonBoard, in collaboration with Cyemptive Technologies, recently surveyed a cross-section of non-executive directors, board advisors, senior executives, and other board members to gauge their approach to cyber security and risk management. The survey reveals important insights into how boards are tackling the growing challenges of cyber security.

Who is responsible for cyber security?

A key finding from the survey is that the responsibility for cyber security has moved to the board. A notable 42.6% said that the board plays a role in this area and 37% of respondents suggested that cyber security is a shared responsibility, combining input from technical teams, risk functions, and the board.

Cyber risk assessment and incident experience

When it comes to proactive risk management, the survey paints an encouraging picture. A significant majority, 72.2%, reported that their organisations had undertaken a cyber risk assessment in the past 12 months. However, it is concerning that 16.7% had not, and 11.1% of respondents were unsure if such an assessment had been conducted. This uncertainty speaks to the need for greater clarity and communication between boards and technical teams on cyber risk management efforts.

The survey indicates that 16.7% of organisations have experienced a breach, and 7.4% were unsure. These figures suggest that many organisations are vulnerable.

Cyber expertise at the Board level and non-executive director training

One of the most telling aspects of the survey is how boards access cyber security expertise. Just over half (55.6%) rely on executive expertise, while 42.6% consult external advisors or consultants. Only 25.9% indicated that they receive board-level cyber training, and 18.5% have appointed a board member with specific cyber expertise.

This finding raises important questions about whether boards are adequately prepared to oversee cyber risk management. Ongoing education of board members through non-executive director training to keep pace with rapidly evolving cyber threats is as critical as access expertise. Especially as only 29.6% of respondents assess that they are informed as to the cyber security environment and the tactics of hackers.

As the leading institute for non-executive directors, NEDonBoard emphasises the critical role of NEDs in overseeing cyber security and risk management. Board members must be proactive in continuing their professional development through comprehensive non-executive director training to ensure they are equipped to guide organisations as cyber threats evolve and become more sophisticated.

Tools and monitoring

The deployment of cyber security monitoring tools is another area where many organisations are taking proactive steps. According to the survey, 68.5% of respondents confirmed that their organisations use monitoring tools, though 22.2% were unsure, and 9.3% indicated that no tools were in place. This suggests that while many organisations are investing in technology to detect and respond to cyber threats, others still have gaps in their cyber risk management strategies.

At Cyemptive Technologies, we believe that a proactive approach to cyber risk is essential for safeguarding organisations against modern threats. By working closely with boards and non-executive directors, we help ensure that cyber security is well-managed and continuously evolving.

A call to action for Boards

The findings from this pulse check make it clear: cyber security and cyber risk management are strategic imperatives that require board-level attention and oversight. Non-executive directors must ensure that the right processes and tools are in place, actively engage in continuous education and consult with cyber experts to mitigate risks effectively.

As cyber threats become increasingly sophisticated, boards that remain informed, proactive, and integrated into the cyber security framework will be the ones best positioned to protect their organisations from potentially devastating breaches.


To remain informed and proactive, join our next Tech for the Board cohort. Click on the link below to find out more:

loading