The International Bar Association (IBA) Presidential Task Force on Cybersecurity and the IBA Legal & Policy Research Unit (LPRU) have unveiled a new report to outline key governance practices for senior managers and boards of directors to protect organisations against cyber-attacks

The report draws on sources from Australia, Brazil, Denmark, India, Uganda, UK, US, Israel, Singapore and Germany in order to provide a global perspective on the existing cybersecurity threats and actionable steps that can be taken to strengthen cyber risk governance. 

“There is a real need for leadership and development of international cyber best practices in the intersection of law, public policy and technology. This IBA report sets a global benchmark on best governance practices for corporations in effectively safeguarding their organisations against cyber risks,” said Stenford Moyo, immediate past president of the IBA and chairman of Scanlen and Holderness, Zimbabwe. 

According to the report, cybersecurity is fast evolving into a primary concern for society at large, especially in light with the rise of 5G networks, quantum computing and the Internet of Things. According to data from the Identity Theft Resource Center, 53.3 million Americans were affected by data compromise in the first half of 2022. Meanwhile, telecoms company, Verizon, has reported 89% of total breaches committed in 2022 were financially motivated and half of all cyber breaches featured hacking. 

While regulatory bodies have begun developing legal guidelines and standards in response to the cyber-threat, the IBA suggests that just following such regulations will not secure companies. Instead, it suggests, company leaders must proactively establish security frameworks and strategies to ensure stronger cyber-resilience. 

“It is more important than ever that senior executives and boards of directors engage directly in ensuring their organisations are managing cyber risks effectively,” commented Luke Dembosky, co-chair of the Presidential Task Force on Cybersecurity and a partner at Debevoise & Plimpton. “The days of leaving that enormous responsibility to the IT team or to privacy compliance to handle are long over, as these are clearly whole-company risks to operations, data, and brands.”

The report, titled Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors, highlights the various cybersecurity best practices across regions. According to the IBA, while organisation-level governance and accountability are important, large-scale leadership is also necessary and setting guidelines and standards apart from national legislation can bridge the existing gaps in knowledge. The report acknowledges the shared accountability between senior management and boards of directors to tackle cybersecurity and provides recommendations to do so.

These include ensuring the board and management have sufficient cybersecurity expertise; investing sufficient funds to meet cybersecurity goals; understanding the cyber risk profile of the organisation; ensuring appropriate reporting lines; and reviewing, testing and understanding organisation’s cyber incident response plans. 

“The number, magnitude, sophistication, frequency and impact of cyber incidents are increasing. Today they represent one of the biggest challenges to the proper functioning of organisations and the successful embracement of digital transformation. Now more than ever, senior executives and boards of directors need to better understand the strategic essence of cyber resilience, and it is our hope that this guide will serve as a catalyst for senior executives and boards of directors to accept accountability for – and enable impactful actions with respect to – advancing their organisations’ overall cyber capabilities and resilience,” remarked Søren Skibsted, co-chair of the Presidential Task Force on Cybersecurity and a partner at Kromann Reumert.