Building Business Resilience What the Board of Directors Need to Know A Briefing for the C-Suite

Vladlena Benson, Michael Hughes

Research output: Book/Report › Commissioned report

Abstract

The C-level executives of all organisations, no matter how large or small, whether in the private or public sectors,
have a responsibility to ensure their business is resilient to the impact of adverse risks. All organisations today are
reliant on technology to deliver their services to their customers and manage their business, whether they are a
large financial institution, manufacturer, retailer, public sector organisation, SME etc. Indeed, many of the more
successful organisations are actually technology companies, totally reliant on technology to deliver their service.
Uber, Airbnb, and Amazon are just a few names which spring to mind. In our ever increasing, always connected
cyber age, they are therefore exposed to the risk of a cyber-attack.
No longer can this issue be delegated to the IT senior management team; accountability rests with the C-suite, so
they need to provide effective governance oversight to ensure that the business is as resilient as possible, in line
with the organisation’s cyber risk.
This briefing paper accompanies the ACCA’s “Cyber and the CFO report” which can be found at:
https://www.accaglobal.com/content/dam/ACCA_Global/professional-insights/Cyber-cfo/pi-cyber-and-theCFO.pdf.
However, managing an organisation’s Cyber Risk is complex and it is not just the responsibility of the
CFO; it is the responsibility of all the C-suite of an organisation. The C-suite have to get to grips with the reality
that just as they start their work day, thousands of organised crime firms wake up with only one KPI – breaking
into your enterprise network.
The C-suite have many other priorities to balance, as well as the issue of the Cyber Risk. Therefore, this paper
provides some guidance on the basics. The C-suite should ensure that their organisations are:
• doing the right things;
• doing them in the right way;
• doing them well; and
• protecting business value, effectively managing the cyber risk and protecting the business.
The C-suite, as company directors, have a legal responsibility to provide effective governance oversight and to
ensure that the company is well managed, to protect its customers, employees, shareholders, and business
partners. This extends to ensuring that the organisation fully understands its cyber risks and that these are being
adequately and effectively managed. The C-suite need to lead by example, not only in what they say, but more
importantly, in what they do. This includes observing the organisational security policies.
Original language: English
Publication status: Published - Aug 2019

