What are the top 10 manufacturing cyber risk questions board members should be asking? According to a cyber risk in advanced manufacturing study led by Deloitte’s Center for Industry Insights, nearly half of the executives surveyed lack confidence that they are protected from external threats. The study offers manufacturers insights into what they should do to be secure, vigilant and resilient in addressing risk.
Just as boards are charged with overseeing a company’s financial systems and controls, they also have a duty to oversee a company’s management of cybersecurity, including oversight of appropriate risk mitigation strategies, systems, processes and controls.
According to the Deloitte Cyber Risk study, below are 10 questions boards should be asking.
- How do we demonstrate due diligence, ownership and effective management of cyber risk? Are risk maps developed to show the current risk profile, as well as to identify in a timely manner the emerging risks we should get ahead of?
- Do we have the right leadership and organizational talent? Beyond enterprise systems, who is leading key cyber initiatives related to industrial control systems (ICS) and connected products?
- Have we established an appropriate cyber risk escalation framework that includes our risk appetite and reporting thresholds?
- Are we focused on, and investing in, the right things? And, if so, how do we evaluate and measure the results of our decisions?
- How do our cyber risk program and capabilities align to industry standards and peer organizations?
- How do our awareness programs create a cyber-focused mindset and cyber-conscious culture organization-wide? Are awareness programs tailored to address special considerations for high-risk employee groups handling sensitive intellectual property, ICS or connected products?
- What have we done to protect the organization against third-party cyber risks?
- Can we rapidly contain damages and mobilize response resources when a cyber incident occurs? How is our cyber incident response plan tailored to address the unique risks in ICS and connected products?
- How do we evaluate the effectiveness of our organization’s cyber risk program?
- Are we a strong and secure link in the highly connected ecosystems in which we operate?
Given the highly connected environments manufacturers work in, and the pace of technological change they face, cyber risk is a serious, top-of-mind industry issue. It’s increasingly important for organizations to assess their risk profile and preparedness in the event of a breach or cyberattack.