Building Business Resilience What the Board of Directors Need to Know A Briefing for the C-Suite

Vladlena Benson, Michael Hughes

Research output: Book/Report › Commissioned report


The C-level executives of all organisations, no matter how large or small, whether in the private or public sectors,
have a responsibility to ensure their business is resilient to the impact of adverse risks. All organisations today are
reliant on technology to deliver their services to their customers and manage their business, whether they are a
large financial institution, manufacturer, retailer, public sector organisation, SME etc. Indeed, many of the more
successful organisations are actually technology companies, totally reliant on technology to deliver their service.
Uber, Airbnb, and Amazon are just a few names which spring to mind. In our ever increasing, always connected
cyber age, they are therefore exposed to the risk of a cyber-attack.
No longer can this issue be delegated to the IT senior management team; accountability rests with the C-suite, so
they need to provide effective governance oversight to ensure that the business is as resilient as possible, in line
with the organisation’s cyber risk.
This briefing paper accompanies the ACCA’s “Cyber and the CFO report” which can be found at:
However, managing an organisation’s Cyber Risk is complex and it is not just the responsibility of the
CFO; it is the responsibility of all the C-suite of an organisation. The C-suite have to get to grips with the reality
that just as they start their work day, thousands of organised crime firms wake up with only one KPI: breaking
into your enterprise network.
The C-suite have many other priorities to balance, as well as the issue of the Cyber Risk. Therefore, this paper
provides some guidance on the basics. The C-suite should ensure that their organisations are:
• doing the right things;
• doing them in the right way;
• doing them well; and
• protecting business value, effectively managing the cyber risk and protecting the business.
The C-suite, as company directors, have a legal responsibility to provide effective governance oversight and to
ensure that the company is well managed, to protect its customers, employees, shareholders, and business
partners. This extends to ensuring that the organisation fully understands its cyber risks and that these are being
adequately and effectively managed. The C-suite need to lead by example, not only in what they say, but more
importantly, in what they do. This includes observing the organisational security policies.
Original language: English
Publication status: Published - Aug 2019

