The Institute of Directors has teamed with Aura Information Security to develop and launch a guide to cyber security reporting for company boards.
The guide, "Reporting cyber security to boards", sets out principles on reporting to boards, key questions to help identify and develop metrics, and sample dashboards.
“Everyone knows that cyber security is a critical risk that can cause serious damage to an organisation,” Institute of Directors chief executive Kirsten Patterson said.
“Not only are cyber-attacks hugely disruptive, they have the potential to cause significant financial, competitive and reputational damage.”
Many boards have had cybersecurity on the agenda for some time, she said, but directors say they are still not getting sufficient information about cyber risks and incidents or the actions they have been taking, and should be taking, to address these.
“This is a problem and it is critical that cybersecurity reporting improves,” Patterson said. “Directors need comprehensive reports in order to assure themselves that key assets are being protected.”
Aura Information Security general manager Peter Bailey said online attacks impacting New Zealand businesses are growing, both in number and complexity.
"In order to provide effective oversight, boards need to have access to regular high-level holistic reporting on cyber risks and the state of their organisation’s cyber security program," he said.