The responses required are many: individual and collective, educational, technical, legal and regulatory.
Many pitfalls are to be avoided:
- you have a CISO, everything is fine;
- cybersecurity is an IT problem;
- the tools (antivirus, firewall, SOC and CERT) are in place;
- the company is too small to be attacked;
- BYOD (Bring Your Own Device) policy is “safe”;
- the threats come only from the outside;
- the company is 100% secure, no need for audit or testing;
- our data is in the cloud, everything is fine;
- our data has no value;
- our service providers are responsible;
- industrial infrastructure is not concerned;
- we have nothing to hide.
5.1. Digital skills
Although many corporate directors consider cybersecurity to be an operational issue, the board of directors may face liability in the event of negligence or mismanagement if the sustainability of the company is put at risk as a result of cybersecurity issues or a lack of risk management and internal control.
“The composition of the board of directors must be adapted to the company’s challenges”, says APIA (Association professionnelle des administrateurs indépendants). “The diversity of the Board’s members must therefore be analyzed in the light of their skills and experience, particularly in the face of digital challenges”.
This digital competence is necessary both for strategic issues, for the assessment of cyber-risks and also for the assessment of the ...