International Bar Association has just published the report "Global perspectives on protecting against cyber risks: Best governance practices for senior executives and boards of directors". Our partner Søren Skibsted is one of the main authors of this international report. The purpose is to provide first-of-its-kind global guidance for - and specific recommendations - to senior executives and boards of directors in protecting against global cyber risks. Don't miss out reading it.

Cybersecurity has become a top priority for organizations, necessitating significant attention from senior management and boards of directors. While compliance with laws and regulations is essential, it is no longer sufficient to protect against rapidly evolving cyber risks. Corporate and organizational leaders must take on the responsibility of being responsible stewards of their systems and information assets.

The "playbook" for good cyber governance now includes active management and board engagement with cyber issues. Leaders must understand the organization's cyber risk profile, critical systems and data, security choices, and conduct regular testing. Although the exact allocation of responsibilities may vary among jurisdictions, the principles of good cyber governance remain the same.

IBA's press release.

Read the report

Purpose of the cyber risks report

The purpose of this report is to provide first-of-its-kind global perspectives and guidance on best governance practices for senior executives and boards of directors in protecting their organisations from global cyber risks, with a view to harmonising efforts globally for effective protection against cyber attacks. It includes specific recommendations to protect against cyber risks in small, large and global organisations. While the scope of this report is global, it draws, in particular, on reporting sourced from Task Force members spread across ten jurisdictions – Australia, Brazil, Denmark, Germany, India, Israel, Singapore, Uganda, the United Kingdom, and the United States – each of whom has compiled research and analysis on comparative practice across this diverse set of countries

To enhance cyber risk management, it is crucial to follow these best practice recommendations:

  1. Understand the cyber risk profile of the organization.
  2. Understand the key information assets to protect.
  3. Understand significant regulatory requirements.
  4. Determine the appropriate risk tolerance of the organization.
  5. Understand what cybersecurity standards the organization is using.
  6. Ensure appropriate risk decisions on protecting key information assets.
  7. Ensure periodic risk assessments are conducted.
  8. Understand who 'owns' cybersecurity and cyber risk management.
  9. Ensure the board has sufficient cybersecurity expertise.
  10. Ensure management has sufficient cybersecurity expertise.
  11. Invest sufficient funds to meet cybersecurity goals.
  12. Understand the cybersecurity testing and training program and review results.
  13. Ensure senior management and the board receive regular updates.
  14. Ensure appropriate reporting lines so that cyber risks are raised to leadership.
  15. Assess changes in cyber risk posture caused by business developments.
  16. Review, understand, and test the organization's cyber incident response plans.
  17. Oversee the response to significant incidents.

The goal of this report is not to turn everyone into technical experts but to provide a roadmap for strong cyber risk management. By implementing these actionable steps, organizations can strengthen their cyber risk governance and stay informed about important cyber governance issues. This knowledge will enable them to have more effective discussions and make informed decisions to protect their organizations from cyber threats.

Read the report

Who is The International Bar Association (IBA)?

The International Bar Association (IBA) is the foremost organisation for international legal practitioners, bar associations and law societies. Established in 1947, shortly after the creation of the United Nations, the IBA was born out of the conviction that an organisation made up of the world's bar associations could contribute to global stability and peace through the administration of justice. In the ensuing 75 years since its creation, the organisation has evolved, from an association comprised exclusively of bar associations and law societies, to one that incorporates individual international lawyers and entire law firms. The present membership is composed of more than 80,000 individual international lawyers from most of the world's leading law firms and some 190 bar associations and law societies spanning more than 170 countries. The IBA has considerable expertise in providing assistance to the global legal community, and through its global membership it influences the development of international law reform and shapes the future of the legal profession throughout the world.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.