Cyber governance – risk management & reporting now critical!


Graham Croock | Director | CyriskCo Advisory

Recent global events, specifically the global COVID-19 pandemic, have caused widespread business disruption and transformation, forcing businesses to adapt to new ways of working in an extremely short period.

The pandemic has already forced firms and policymakers to do things that were previously considered impossible. This is just the beginning. Given its gravity, the effects of COVID-19, along with other unpredictable eruptions of systemic risk, will continue to surface over the next decade. Many pandemic-driven changes will likely persist, long after the vaccine rollouts are concluded. It is expected that these changes will significantly alter business, technology, risk management and cyber information security posture forever.

Evolving workplace

A greater level of remote and agile working is now the new normal, bringing with it a host of cyber and information security challenges and threats.

It is now vital that effective boards have the capability to continuously assess and manage their business's new risk and security posture when measured and benchmarked against international standards. Board members must learn lessons from accelerated digital transformation and the enforced remote working environment to implement effective solutions to enhance cyber and information security and resilience, giving them enhanced security and peace of mind.

Amidst the global pandemic, board members have realised that cyber and information security risk is much more than an IT issue. It is an issue which must concern each board member. Cyber risk and cyber security are, by their very nature, strategic imperatives for businesses of all sizes, industries, and locations.

Rising risks

In terms of strategic business risk, it is recognised that pandemics and large-scale outbreaks of disease will become increasingly common as globalisation and climate change continue to make us more susceptible.

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) have accepted that risk managers and board members will have to manage:

  • Increased tension between privacy and the surveillance required to ensure appropriate safety and protection of personal health
  • Customer and client expectations and tensions between service convenience and digital transaction security
  • Compromised information security resilience resulting from increased volume and sophistication of cyberattacks using artificial intelligence and machine learning techniques
  • Increasing demands by governments and law enforcement agencies on compliance and real-time availability of meaningful quality data

A more in-depth dissection of cyber and information security reveals that, considering the issues set out above within the context of risk management during and post COVID-19, it will in future be critically important for board members to thoroughly understand and quantify risk.

Risks will need to be managed and understood concerning:

  • Data security
  • Data classification and structures
  • Data residency

The full article is reserved for our subscribers!

Read the full article by Graham Croock, Director, CyriskCo Advisory, as well as a host of other topical management articles written by professionals, consultants and academics in the February/March 2021 edition of BusinessBrief.
