Cyber risk as a board concern
‘Boards should validate the assurance measures in place for cyber security in the organisation. Similar to external financial auditing, companies should implement a culture of having critical security controls undergo independent review. Over the many years of assisting clients to respond to security incidents, over 75 per cent of cases were as a result of previously identified security issues which had not been addressed.’
Executive remuneration
‘Although the consultants spoke of many CEOs and executives who were “reasonable” or “measured”, they also described some as “greedy” or “aggressive” … Although instances were given of committees standing up to executives, comments were made that it is easier to pay more than to fight, and that greedy executives often received higher pay.’