The cyber governance journey for charities
- Jessica Figueras
- 12 minutes ago
- 1 min read
Many thanks to our friends at the Association of Chairs for publishing this article.
Drama, intrigue and anxiety don’t promote good governance
Most charity leaders don’t have a technical background, but we read the news. Cyber security provides a constant source of click-generating drama and intrigue, and none more so than last year’s attacks on M&S, the Coop and JLR which emptied shelves, halted production lines and wiped billions off UK GDP.
We hear of “shadowy hacker groups”, illustrated with hooded figures in darkened rooms. “Cyber terrorists weaponise AI to bring down UK networks in seconds”, one headline reads. Another features plucky cyber heroes who “plot honeypots to catch hackers”. We are invited to look on passively while the cyber security insiders – goodies and baddies – slug it out in cyberspace.
The upshot of this drama-riven national conversation about cyber security is to breed a distinct lack of confidence amongst trustees and executives.
Trustees want to be helpful, but many are anxious and unsure how to approach the problem, particularly when executives aren’t leading proactively. Some of us respond by avoiding the issue, whilst others pepper executives with random ideas and questions: “Do we have the right kind of passwords?” “I heard there’s a bug in Windows.” “Is our IT helpdesk secure?”
These might be good ideas, but the fact is there are very many ways in which cyber security can go wrong. Your board needs a governance framework, not an excuse to micromanage. ...
