Thanks to COVID-19, boards have many new challenges and risks to tackle right now.  Unfortunately, one of their main pre-crisis worries has just shot up the stress scale.  Even before the crisis, it was hard for boards to know how best to deal with cyber risk.  Now, with many people working from home, the risks are likely to have increased, possibly hugely.  In the old days (remember those?) employees generally operated within controlled environments and networks and in line with security protocols. 

A man is working from home wearing a shirt and tie with pajama bottoms, slippers and a mask. He is facing a screen that displays "Device now in lockdown". The caption reads "A more conventional virus creeps in".

Now it’s mostly about using multiple devices in less secure places – and that’s opened up crevices in the cyber security landscapes for many organisations.  The risks are huge –  which makes it a board issue, not just an operational challenge.  So there are a raft of new questions that boards need to be asking management to get assurance that the risks are minimised or there’s at least a plan being put in place to close the gaps.  Working with our expert partners, Cobweb Cyber, we’ve put together guidance for boards suggesting the practices they should adopt – and what they need to avoid.  We have also produced a handy checklist of handy cyber risk questions boards need to ask: download checklist.