Having a plan in place that covers risk management, or the process of identifying potential risks, assessing their impact, and planning how to respond should the risks become reality, has become critical for every organisation, irrespective of their size or industry.

However, cyber security is still viewed as something the IT department needs to take care of instead of an enterprise risk, and IT continues to manage risk from a compliance perspective as opposed to a business one.

So says Itumeleng Makgati, group CISO at Sasol, who will present a case study on: ‘A board conversation on cyber security risk management’ at the ITWeb Security Summit, to be held from 25 to 28 August as a virtual event.

According to her, cyber security has gained increasing attention from the board in recent years.

Today, board members expect crisp accountability, knowledgeable and accurate forecasts, as well as information that is relevant in a strategic context. They also look to the CISO to put any changes into perspective, she explains.

However, the COVID-19 disruption has added new complexities to the board’s cyber risk concerns. In recent months, lockdowns aimed at curbing the spread of COVID-19 have seen the global workforce change significantly to work-from-home environments, a shift that poses new risks to both businesses and individuals alike.

“The conversation and the noise related to cyber security has been amplified,” she adds. There is a greater need to raise awareness around cyber security within the organisation, as attackers are capitalising on the panic and uncertainty, using any and all means to gain access to the personal information of both businesses and individuals.

Delegates attending her talk will gain an understanding around the communications between the board and the CISO, as well as how to help the board to ask the right questions. Finally, Makgati will discuss championing a ‘security-first’ mindset across the entire management team.