ChannelLife New Zealand - Industry insider news for technology resellers

The role of the board in shaping resilient cybersecurity strategies

Today

As cyber threats grow in sophistication and frequency, organisations must rethink how they manage cyber security.

It is no longer just a technical issue to be handled by IT departments. Instead, cyber security is a strategic priority that requires involvement from the very top: the Board of Directors. Far from being a passive observer, the board must play an active role in defining, supporting, and overseeing cyber security strategies to ensure long-term organisational resilience.

CERT NZ data shows that one in every three SMEs in New Zealand experienced at least one cyber attack in the April-September 2024 timeframe, while the National Cyber Security Centre reported that incidents reported to it increased by 58% from 1203 in the second quarter to 1905 in the third quarter of 2024. At the same time, direct financial losses in Q3 were 17 per cent higher than in the same quarter of 2023.

As Michael Jagusch of the National Cyber Security Centre explains, "We've seen an increase in most incident categories, including an 80% jump in unauthorised access, which is a worrying trend."

"Unauthorised access means the attackers are inside your systems or accounts and are potentially stealing information, moving your money around or even preparing for a larger and more devastating attack."

Cyber security can no longer be optional – it's a necessity for safeguarding sensitive data, maintaining customer trust, and complying with stringent regulatory requirements.   

For boards, this means moving beyond traditional oversight roles to become champions of security initiatives that protect both the organisation and its stakeholders.

Cyber security as a strategic priority
While IT teams remain the first line of defence, their efforts must align with a broader organisational strategy crafted and endorsed at the highest levels. The board, as the ultimate decision-making body, significantly influences the allocation of resources, the adoption of technologies, and the cultivation of a security-conscious culture.

In today's threat landscape, this leadership is critical. Boards that neglect their role in cyber security risk leaving their organisations vulnerable to potentially devastating breaches. To take a proactive stance, boards must address several critical aspects of cyber security:

1. Investing in security training for board members:
Board members often come from diverse professional backgrounds, and not all possess technical expertise. However, to make informed decisions, they must have a baseline understanding of cyber security. Investing in targeted training helps bridge the knowledge gap and equips directors to grasp the scope and impact of modern cyber threats.

Essential topics for board training on cyber security include:

  • Artificial Intelligence (AI): While AI can enhance defences through predictive analytics and automated responses, it can also be weaponised to bypass traditional security measures. 
  • Ransomware: As a growing threat, ransomware attacks can disrupt operations and incur significant financial losses. Understanding mitigation strategies is essential.
  • Deepfakes: These emerging threats, which leverage AI to create highly realistic but fake digital content, can damage trust and manipulate decision-making.

A well-informed board is better positioned to make decisions that align with the organisation's cyber security needs and priorities.

2. Viewing cyber security as an investment, not a cost:
Cyber security often requires significant investment in tools, talent, and infrastructure. Boards must reframe these expenditures not as costs, but as essential investments that protect the organisation's continuity and reputation.

Forward-thinking boards prioritise security funding, recognising its importance in mitigating risks. Investing in measures such as advanced threat detection systems, real-time monitoring platforms, and employee awareness programs reduces the likelihood of costly breaches.

3. Supporting the Chief Information Security Officer (CISO):
The CISO is the organisation's frontline leader in cyber security. Their insights into emerging threats and internal vulnerabilities are invaluable. Boards must actively listen to the CISO's assessments and provide the resources needed to address challenges effectively.

4. Ensuring regulatory compliance:
Governments and regulatory bodies are imposing increasingly stringent cyber security requirements, reflecting the critical role of security in today's interconnected world. Boards must stay informed about these regulations and their implications for organisational operations.

For example, in New Zealand, the Reserve Bank's BS11 standard requires banks to ensure operational continuity even in extreme scenarios, such as losing network connectivity with Australia. Such mandates underscore the importance of robust cyber security planning and resilience.

5. Building a culture of security:
Cyber security is not just about technology - it is about people and processes. Boards play a critical role in fostering a culture that prioritises security at every level of the organisation. This involves promoting security awareness among employees, encouraging transparent communication about risks, and reinforcing the idea that cyber security is a shared responsibility.

Cyber security as a business enabler
Boards that actively engage in cyber security oversight can transform it from a reactive function into a business enabler. Secure systems inspire customer trust, protect intellectual property, and ensure regulatory compliance - each of which is crucial for maintaining competitiveness in today's digital economy.

The increasing sophistication of cyber threats makes one thing clear: cyber security is no longer optional. Boards that fail to prioritise this critical area risk exposing their organisations to significant financial, operational, and reputational harm.

To meet this challenge, boards must move beyond traditional oversight roles and become active participants in cyber security strategy. From investing in training to empowering the CISO and ensuring regulatory compliance, directors have the opportunity to drive meaningful change.

In doing so, they send a clear message to stakeholders: the organisation is committed to protecting its future in an increasingly digital world. A proactive and informed board transforms cyber security from a back-office function into a strategic imperative, securing not just data and infrastructure, but also the trust of customers, employees, and regulators.
