Technology is constantly changing, and this is transforming the digital ecosystem around the world including Mauritius. With rapid development in communication technology and the Internet of Things [IOT], the possibilities of connected devices have become endless. Embracing technology is a must for many organisations and due to the power of the Internet, there has been a growing number of businesses doing e-commerce and creating other businesses online.
Addressing cyber security risks is surely a topic that needs to be on the Board’s agenda. As per the National Code of Corporate Governance for Mauritius (2016), “The Board should ensure that information assets be managed effectively, and should delegate to management the implementation of a framework on information, information technology, and information security governance”. This implies that the Board needs to ensure that the organisation has a robust system of internal controls including controls pertaining to technology, and where necessary, reinforce capacity at all levels to prevent cyber criminals from exploiting the weakest link in the organisation.
However, it is important to highlight that cyber security is above all everyone’s responsibility, especially when using smart and/or mobile devices and technologies that are connected to the Internet. The Audit Committee Forum Position Paper 10 sets the tone on what Audit Committee members and the Board, including any person who oversees governance needs to know about cyber risk management. This will enable them to navigate the challenges while fully embracing technology, and being aware of the cyber risks and controls to be implemented to support resilience and achieve sustainable business growth.