The National Cyber Security Centre (NCSC) is updating its Cyber Security Toolkit for Boards, and is seeking feedback from board members and non-executive directors from large organisations, asking them to share their experiences to help shape those changes.
While cyber has long been recognised as a board level issue, many board members do not have specific cyber expertise, or sufficient knowledge to obtain the relevant information from the technical experts they hire. In 2019 the NCSC therefore launched its toolkit, with the aim of providing board members with tools and knowledge to discuss cyber security issues with their experts. The toolkit includes a popular 'questions and answers booklet', listing a range of questions for board members to ask both themselves and their organisations on topics such as:
- embedding cyber security into your structure and objectives;
- establishing your baselines and identifying what you care about most;
- collaborating with suppliers and partners; and
- planning your response to cyber incidents.
However, the cyber treat landscape has continued to evolve since the toolkit was produced, with covid introducing new risks, an increase in legal claims, large fines being issued by the ICO and a rise in ransomware attacks (see also the NCSCs new blog on ransomware) all adding to a raised risk profile.
The NCSC, who had previously promised to keep the toolkit under review, therefore wants to hear from you if you or your organisation have experience of using the toolkit, or managing cyber issues more generally. They have stated that the process will involve an interview of no longer than 45 minutes with Behavioural Insights Team, a third party behavioural science organisation, although less formal engagement is also possible (more details are available here).