On Wednesday, 16 March our webinar on “How boards should respond to a cyber-attack” took place.

The impact of a cyber-attack on an organization can be very destructive. So, what should board members be doing to ensure that their organizations are prepared for such an attack?

In this BLC session, we have walked you through the basics of a cyber-attack and provided you with relevant questions you should be asking your technical experts to help drive greater cyber resilience within your organization.

Please find below some key takeaways:

  • Responding successfully starts at the top
    The C-suite should be responsible for ensuring operational continuity and should appoint a cyber security team to manage the necessary tools for success.
  • Key decisions before an event are not technical
    Critical decisions cannot be made exclusively by cyber security and technology teams. Some are strategic and may require government coordination.
  • Smart preparation demands training
    Preparation is key. Failure to formulate a plan risks serious consequences when an attack strikes.
  • Everyone has a role to play in a crisis
    Often, the recovery process relies on highly skilled individuals with extensive knowledge of the network and industrial processes. Responding to large-scale ransomware attacks requires everyone in the organization to fully understand their role in a crisis. To help prepare and raise awareness of the implications of an effective response, it’s highly encouraged for organizations to engage in testing and rehearsal exercises
  • Bring a ‘table-top’ exercise to the boardroom
    A well-defined ‘table-top’ exercise should help C-level leaders understand the importance of effective decision-making during a cyberattack.
  • Do not improvise
    When the moment arises, have a well-designed and rehearsed plan with the right specialists to support with contention, forensics and recovery. Consider having a trained team either in-house or secured through a specialized firm on demand contract.
  • Cover for damage
    Cyber insurance is becoming more widespread and even required in some settings. Although insurance may not cover all potential damage (e.g. it doesn’t cover all physical events, and it’s unlikely that it will pay the ransom), it’s a good method to reduce the economic impact of an incident.

Relive the webinar


During this webinar we provided insights into:

  • Cyber threat landscape
  • The security triad
  • Current state of play
  • Who is behind cyber-attacks?
  • The Mammoth case: a real-life case study
  • Cyber security toolkit for Boards

If you missed the webinar or would like to revisit it, we invite you to watch the recording and download the slides.

Watch the recording

Please select your preferred topic(s) by clicking on the corresponding video(s). Should you have any further questions or comments, do not hesitate to reach out to our experts.

loading loading

Other relevant articles

About the Board Leadership Center

KPMG’s Board Leadership Center (BLC) offers non-executive and executive board members – and those working closely with them – a place within a community of board-level peers. Through an array of insights, perspectives and events – including topical seminars and more technical Board Academy sessions – the BLC promotes continuous education around the critical issues driving board agendas.