Avi Lipa

Directors' Duty in a Major Cyber Incident: Navigating the Response and Recovery

The board of directors plays a crucial role during a major cyber incident, ensuring that the organisation is able to respond to and recover from the incident effectively.


In this article, we will explore the specific responsibilities of the board of directors in the event of a major cyber incident, as well as the key considerations they should bear in mind as they work to protect the company's interests.

First and foremost, it is important to recognise that the board of directors is responsible for setting the overall direction and strategy of the organisation. In the event of a major cyber incident, this includes the development of a comprehensive cybersecurity plan that outlines the steps that will be taken to identify and respond to potential threats, as well as the measures that will be put in place to prevent future incidents from occurring.

In addition to setting the overall direction and strategy for cybersecurity, the board of directors is also responsible for overseeing the implementation of these measures. This includes ensuring that the necessary resources are allocated to implement the plan, as well as regularly reviewing and updating the plan to ensure that it remains effective in the face of evolving threats.

Another key responsibility of the board of directors during a major cyber incident is to ensure that the organisation is able to effectively communicate with stakeholders, including employees, customers, and shareholders. This may involve working with management to develop a communication plan that outlines the steps that will be taken to keep stakeholders informed and to address any concerns they may have.

Finally, the board of directors is responsible for ensuring that the organisation is able to effectively recover from the cyber incident. This may involve working with management to develop a recovery plan that outlines the steps that will be taken to restore systems and processes, as well as to minimise any negative impact on the organisation.

Lynden Group advisors can assist in providing expert advice and support to boards of directors in Australia in meeting their cyber security responsibilities. With deep expertise in compliance, accounting, audit, ASIC services, and cyber resilience, Lynden Group advisors can work alongside you to help ensure your organisation's cyber security plan is comprehensive, effective, and regularly reviewed to keep pace with the ever-evolving threat landscape.
