This update and guidance may be relevant to both your clients and your own board (where relevant).
We are really excited to confirm that the National Cyber Security Centre (NCSC) launched a ‘refreshed’ cyber security board toolkit on 30 March. With the UK and US’s shared interest in raising awareness of good cyber security to boards on both sides of the Atlantic, the toolkit will be launched in collaboration with CISA, our US counterparts.
Originally published in 2019, the toolkit has proved very popular with boards and it's their feedback, together with input from non-executive directors and our embedded industry i100 team, that will ensure the toolkit remains up-to-date, relevant and framed in language that boards are familiar with.
The toolkit helps boards ensure that cyber resilience and risk management are embedded throughout their organisations. It will help boards make informed cyber decisions that are aligned to their wider organisational risks, and ensure cyber security is assigned appropriate investment against other competing business demands.
What's new?
In each of the sections within the Board Toolkit you’ll find:
- bite-sized videos to provide boards with a quick overview of each module
- essential activities that boards should expect to see in their organisation
- indicators of success: a series of questions (with possible answers) that boards can use to help evaluate their organisation's performance; these are designed as a ‘starting point’ to encourage productive cyber security discussions between boards and key stakeholders
- benefits of cybersecurity for organisations.
We also have some new additions:
- a sample script of questions to help board members establish if they have enough cyber security knowledge to ensure their organisation has the appropriate plans in place to mitigate threats
- an ‘executive summary’ that summarises each section of the Board Toolkit
- use cases that draw on real-life incidents to bring the guidance to life
- a Board Toolkit podcast, with contributions from industry-leading voices including the NCSC's former chief operating officer Paul Maddison.
What's not changing
The nine core themes in the modules haven’t changed. Board members have told us how much they like the questions and possible answers, so we’ve kept these and made sure that all the questions are available in a single pdf. We’ve also kept (and updated) the Introduction to cyber security for Board members, for those who are new to the subject and need to quickly get up to speed.
The toolkit helps organisations to adopt a methodical and proactive approach to cyber security and outlines basic safeguards that can greatly reduce the likelihood – and impact – of cyber-attacks.
Further resources
ACCA has teamed up with PureCyber to offer resources, discounts and offers to members.
Visit ACCA's cybersecurity hub.