“It’s not a case of ‘if’ but ‘when’ digital disruption will impact your business,” says Arcus, in a message for businesses as the country marks Connect Smart Week.
Directors must grasp the specific risks, determine risk appetite and take action.
“We’re living in an era where technology is an integral part of our daily lives, and directors need to consider the strategic opportunities this presents.”
But with those opportunities also comes risk, he stresses.“Cyber-risk extends beyond direct financial loss into business disruption, reputational impact, regulatory issues, customer experience and perception.”
“Directors must grasp the specific risks, determine risk appetite and take action.”
Read more: Preparing for the digital economy? Think bi-modal, says Gartner
He says these are among the business drivers behind the launch of the one-day workshop called Leading in a Digital Era. The course, developed with Deloitte Digital, will help directors to test the rigour of digital business cases presented to their boards. The institute also has a Cyber-Risk Practice Guide listing the critical questions directors have a duty to ask.
“It is not unfamiliar territory for directors to identify and manage risks, and the principles behind cyber-risk are no different to other areas of risk,” says Arcus. “Put cyber-risk on the agenda before it becomes the agenda.”
Related: Ascent of the digital board director
Ian Pollard, managing director of Delta Insurance, echoes the same message.
Read more: Call for SMEs to get a cybersecurity ‘warrant of fitness’
“All levels of an organisation, from the board of directors, the executive and senior management down, need to take action to protect against data protection and cyber threats,” he says.
“Businesses need to take cyber risk seriously and protect data, because data loss and cyber-attacks are real, growing and very costly.”
Pollard highlights another key issue – the need to update existing laws – specifically the Privacy Law, to reflect the changing online environment.
He says New Zealand is out of step with international data-security standards and New Zealanders are at greater risk of having their personal information leaked.
Read more: Multi-speed IT needs multi-speed CIOs
Existing laws have served New Zealand well, says Pollard, but they are in need of an update.
“The New Zealand Privacy Act was written in 1993 to tackle the problems of the time, but the modern cyber-security environment and proliferation of data have grown in ways that were difficult to predict,” he says.
Read more: The future of cybersecurity
All levels of an organisation, from the board of directors, the executive and senior management down, need to take action to protect against data protection and cyber threats,
Under the current law, if a New Zealand company experiences a data breach (such as a hack or accidental leak of customer data) the company is not obligated to inform the affected consumers.
This means that customers’ personal data, including credit card details, tax information and medical histories, could be being passed around online without their knowledge.
Pollard says while New Zealand’s data security laws do not currently require mandatory notification in the event of a breach, local businesses operating internationally do need to abide by the standards of the countries they are doing business in.
Read more: 5 (non-technology) lessons from an ERP implementation
Send news tips and comments to divina_paredes@idg.co.nz
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Sign up for CIO newsletters for regular updates on CIO news, views and events.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.