Stanton Chase Amsterdam held its annual series of Non-Executive Directors (NED) breakfast sessions during the months of September and October. This year’s theme was cybersecurity and the role of NEDs in building and maintaining effectively cybersecurity policies at their organizations.
The sessions kicked off with a virtual introduction by Dick Berlijn, a former Commander of the Dutch Armed Forces. After his military career he became a cybersecurity strategy board adviser with Deloitte, and he is currently a Partner with Hague Corporate Affairs. During his remarks, Berlijn discussed the significant threats that cyberattacks pose in disrupting individual companies, whole sectors, and wider society. He also spoke of the parallels between traditional warfare and cyberattacks and the necessary responses that involve strategic options to anticipate, divert, and engage attacks.
The Stanton Chase NED meetings were co-hosted by Jaap Remijn, former Group COO with Travelex. During his tenure, Remijn gained firsthand cybersecurity-breach experience when his organization was hit by a ransomware attack. He candidly shared the event timeline, his thought processes, the challenges, and strategic options that went into dealing with the cyberattack.
His address was followed by a question-and-answer session for NEDs in which they shared their experiences and discussed both real-world examples and hypothetical scenarios.
Organizations can benefit from having a cyber-recovery plan that covers all five critical stages (identification, containment, impact assessment, recovery, and aftercare) that organizations need to go through during a ransomware attack. Each of these stages requires dedicated action and a clear allocation of responsibilities that should be addressed in a timely manner.
Given the digital openness of organizations caused by remote working, social media, “bring your own device”, hybrid hosting, IoT, and SAAS, to name a few things, many companies must rethink their cybersecurity strategy. How do you protect your IT networks, databases, and all the transactions your organization processes each day? How can you best build up cyber capabilities to adequately detect, protect, and respond to cyber threats? During our NED meetings, it became very clear that it is not a question of if an organization will be hacked but rather when will and how it will respond. Cybersecurity as prevention is of course key, but companies must also develop and maintain a recovery plan for when it happens.
Even in firms with highly educated employees who are well-versed in cybersecurity measures, the threat is real, and recent tests have found that a percentage of people are still at risk of clicking on phishing emails.
The key questions for NEDs to consider center around ensuring cyber business continuity:
Following the well-documented cyberattack at Travelex, there are four key lessons that can be learned:
Most companies are not prepared for a large-scale cyberattack. NEDs are often not aware of what cybersecurity plans (if any) are in place within their organizations. Cyber hacking is a growing, highly professional, and well-organized global business. Its participants work seamlessly and internationally together in pursuit of their goals. When a hack presents itself, the initial cyber breach into the IT network entered the systems on average weeks to even months in advance. This allowed the attackers to plan the routes and search for sensitive information and weaknesses to maximize damage and thereby potential payoff.
For the vast majority of our NED meeting participants, the risks and the remedies for rapidly increasing cyber threats were an eye-opener. There is no time to lose in protecting your company and your employees from the risks of cyberattacks. To find out more about our annual NED breakfast sessions or how Stanton Chase Amsterdam can help your company be prepared for a cyberattack, please contact us here.