Published: February 2024
Summary: This resource covers the board’s role, key requirements, questions to be answered, and red flags they should be clear on across four cyber attack phases:
- Readiness
- Response
- Recovery
- Remediate
Also included:
- Discussion around ransom payment decision making.
- Key cyber security regulatory obligations.
- Summary of response plans that should be in place prior to an incident.
- Comprehensive listing of other resources.
The guidance was developed by the AICD in partnership with the Cyber Security Cooperative Research Centre (CSCRC) and Ashurst.
The resource expands on existing guidance in the AICD CSCRC Cyber Security Governance Principles.