Culture, risk and the cyber scene

The recent Confederation of British Industry (CBI) webinar provided a timely update on managing cyber security risks and boosting organisational resilience. This is a hot topic and high up on most risk registers – the latest PwC global CEO survey shows cyber risks topping the hit-list of concerns (49% of CEOs flagged this), ahead of lingering pandemic concerns and macroeconomic volatility. So plenty to discuss and share views on.

Here’s a snapshot of some of the webinar messages and a few thoughts: 

  • Sounds like we are reaching a tipping point in terms of business leaders recognising the importance of the issue. This is how Susannah Odell, the CBI’s Head of Digital Policy, set the scene for the webinar: “Cyber is moving from the IT department to the board room”.
  • What should businesses be doing now to boost cyber security? Sarah Lyons, Deputy Director of the National Cyber Security Centre (NCSC), flagged three immediate steps: 1. Prepare response plans (& identify key functions to prioritise) / 2. Create regular back-ups / 3. Run cyber security ‘exercises’.
  • It was good to get a corporate perspective from Sarah Stephens, International Head of Cyber at Marsh. The ‘consumerisation’ of IT departments means making it as easy as possible for the wider workforce to engage in areas such as cyber security and ensuring that this engagement is a positive experience. Nurturing a culture that rewards good security practices is a positive way forward and a means of embedding good habits across the workforce.
  • The call to action at the end of the webinar was clear: Don’t wait for an incident to take place before taking action! Being pro-active in prepping for different scenarios is a big theme of my risk and reputation management training programmes for the ILO’s International Training Centre (ITCILO). This applies to cyber and all other risk areas.

Personal reflection #1 is that representative business bodies have a huge role to play in raising awareness within their membership of cyber risks and of how to implement effective mitigation strategies. I remember taking part in a series of regional Institute of Directors (IOD) cyber-security events a few years ago (back in the pre-pandemic era!) that were based on connecting business leaders with cyber specialists. Providing access to experts is also a core aim of the regular CBI webinars. And on the global level, the work of organisations like the International Labour Organization, the International Organisation of Employers (IOE) and the World Employment Confederation will be pivotal in helping the national federations and business organisations they represent to provide the best possible cyber-support and insight to their respective membership bases.

Personal reflection #2 is that one of the biggest challenges lies in accessing the staff and skills needed to make lasting progress in this area. The recruitment sector will remain at the forefront of helping employers attract the staff they need in a suffocatingly tight labour market. Looking ahead, the challenge for the UK’s education and skills system is to supercharge the cyber skills pipeline. My recent conversations with FE colleges have underlined not only the pivotal reskilling and upskilling role that they play, but also their increasingly important role in nurturing an agile, resilient and growth-focused mind-set. The need for inspirational educators and the opportunity to learn from global best practice in skills provision also shines a light on the pivotal role of organisations like WorldSkills UK.

Always good to take stock of what’s going down on the cyber-scene. Also interesting to note the links back to other topical debates around organisational culture, risk management and upskilling. Lots to reflect on. And plenty to act on too.