IBA report provides first-of-its-kind global perspective on cybersecurity risk governance and key practices

A new report from the International Bar Association (IBA) Presidential Task Force on Cybersecurity and the IBA Legal Policy & Research Unit (LPRU) provides a first-of-its-kind global perspective on key governance practices for senior managers and boards of directors to protect their organizations against cyber-attacks. 

Titled “Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors,” the report provides an insight into existing cybersecurity threats and outlines actionable steps.

The report draws on sources across—Australia, Brazil, Denmark, Germany, India, Israel, Singapore, Uganda, the United Kingdom, and the United States.

According to data from the Identity Theft Resource Center, 53.3 million Americans were impacted by a data compromise in the first half of 2022. 

Meanwhile the telecommunications company Verizon reported that of the total breaches committed in 2022, 89 percent were financially motivated and almost half of all cyber breaches featured hacking.

Regulatory bodies have begun developing legal guidelines and standards in response to the increase in cyber-attacks. However, simply abiding by such regulations no longer secures companies, rather company leaders must proactively establish security frameworks and strategies.

Through its country-level case studies, the report highlights the widely varying cybersecurity practices across regions due to differences in regulatory capabilities. While organization-level governance and accountability are important, large-scale leadership is undoubtedly necessary.

Setting guidelines and standards apart from national legislation can bridge existing gaps in knowledge. 

DThe new IBA report acknowledges the shared accountability between senior management and boards of directors to tackle cybersecurity risks and provides 17 recommendations to both parties, including:

• Understand the cyber risk profile of the organization.

• Ensure the board and management have sufficient cybersecurity expertise.

• Ensure appropriate reporting lines so that cyber risks are raised to leadership.

• Invest sufficient funds to meet cybersecurity goals.

• Review, understand, and test the organization cyber incident response plans.

Senior management play a crucial role in day-to-day operations, positioning them well to map cybersecurity risks and identify high-priority concerns. 

Tracking internal knowledge, external support and expertise, and cross-functional collaboration, they are best placed to select the ideal policy for their organization. They are also responsible for ensuring internal compliance, and as the primary reporters to the board, they can also suggest timely analysis/assessments and updates.

The new report expands upon the IBA Cybersecurity Guidelines (2018) and is available at online at www.ibanet.org/New-IBA-report-provides-first-of-its-kind-global-perspective-on-cybersecurity-risk-governance.