Unquantified cyber risk is toxic for boards

The Co-op seems to be facing a perfect storm, with its CEO departing as losses from its cyber attack rise and amid accusations of a toxic culture. JLR is also still struggling with the aftermath of its attack.

Estimating the potential cost of a future cyber incident is a challenging but vital activity for boards. If you can't quantify the risk you don't know how much to spend on managing it, or indeed whether you’d be able to survive said incident.

The hardest risk of all to quantify is the cost to board functioning. A significant cyber incident and its aftermath may be traumatic for all involved. The disruption and uncertainty can rip through fragile board dynamics, creating unbearable pressure on leaders and staff, exposing historic weaknesses, driving blame apportionment, and generally acting as the last straw for an already troubled organisation.

Hard to capture on a risk register, hard to rehearse during a cyber exercise, but a cautionary tale for leaders to bear in mind when deciding how much attention to pay to cyber security!

Join us at our Chatham House webinar, Planning for Cyber Recovery, where we'll be hearing from Rebecca Lawrence, previously CEO at the British Library, to hear her first-hand insights on what cyber recovery looks like for a board.