Craig Richardson, CEO of crime fighting software company Wynyard Group shares his recommendations for boards and executives on addressing cyber risks for their organisations.

1. 1
UNITED KINGDOM UNITED STATES CANADA DUBAI AUSTRALIA NEW ZEALAND
How companies should approach today’s cyber reality
Published by Wynyard UK
Cyber Tips

2. 2
ABOUT WYNYARD
Wynyard Group is a market leader in risk management and
crime-fighting software used in investigations
and intelligence operations by government agencies and
financial organisations.
Wynyard solutions help solve and prevent crime,
defend against advanced persistent cyber-threats and
counter terrorism. Wynyard’s powerful software platform
combines big data, advanced crime analytics and tradecraft
to identify persons of interest, stop offenders and protect
victims.
Wynyard has more than 120,000 users and offices in the
United States, United Kingdom, Canada, United Arab
Emirates, Australia and New Zealand. For more
information, visit wynyardgroup.com

3. 3
DON’T DELEGATE CYBER-RESPONSIBILITY
Responsibility for managing cyber-risk
in any organisation must sit at the
executive level.
Every organisation must have a
dedicated leader overseeing:
• Strategic planning
• Execution
• Assessment of security strategies,
policies, procedures and guiding
practices

4. 4
THE INCREASING ROLE OF THE CISO
Organisations must prioritise the need for a Chief Information
Security Officer (CISO) role.
The CISO should be independent of IT and have a direct
reporting channel into the board.
This position and where it sits should show that the organisation
is taking a formal approach to monitoring cyber-threat risk, with
regular updates and monitoring by the board.

5. 5
EVALUATE, ASSESS AND MANAGE CYBER-RISK
Cyber-attacks cause severe disruption to a company.
From kids hacking video game downloads, to terrorists
targeting critical infrastructure, no organisation is
immune.
Each organisation has a distinct cyber-threat risk profile,
depending on the nature of the business, what
information it deals with and how valuable that asset is to
criminals.
The risk executive must understand:
• Assets need to be identified and risk-assessed against
cyber-threats
• Information is their most important and valuable asset

6. 6
CRITICAL ASSETS AND RISK STRATEGY
Adopt a governance-led, information-driven approach to
managing cyber-risk.
Generally, the company needs to:
• Watch how threats are evolving
• Understand the degree of risk at any one time
• Set strategies for countering attacks
Information-driven cyber-intelligence allows companies to
assess, manage and minimise risks.

7. 7
EARLY DETECTION IS KEY
For most modern businesses being online is essential, but the
key differentiator is the ability to recognise a cyber-attack
quickly.
You need a deep understanding of your network and business:
• How it works
• What and where are the key business assets
• How users interact with the business and the outside world
A strategic approach to cyber-security spending will also help
to build a more effective cyber-security practice.

8. 8
PUT CYBER-RISK ON THE BOARD AGENDA
Cyber-threat is one of the many areas of risk that should
be overseen by the board of directors.
Directors are not expected to be experts in this area and
require information and advice. But this is not an excuse for
not taking action.
The board needs a high-level understanding of:
• The company’s cyber-risks
• The management of these risks
• The company’s cyber-incident response plan

9. 9
EVALUATE RISKS AGAINST THE THREAT VECTOR
The threat vector is the path a threat actor could take to
attack your network. It includes any access points to your
information ,from unsecured WIFI to USB media and many
others. Organisations need to pre-empt an inevitable
breach investigation.
Management should be able to explain to the board how it
selects, manages and monitors third parties and their
access to data.
Boards should be provided with meaningful, data-driven
metrics that demonstrate both the performance and
effectiveness of a cyber-response plan.

10. 10
SUMMARY
Include cyber-risk in normal operational risk management.
The issue is here to stay.
Everyone, from executives to the board, should get
involved in cyber-risk management discussions.
To properly manage cyber-risk, the CEO and board must
fully understand the company’s exposure, how the risks
are being managed, and the response plan when the
inevitable breach occurs.

11. 11
CRAIG RICHARDSON
Craig Richardson is Wynyard Group’s
founding Chief Executive Officer. He
was previously the Chief Financial
Officer of Coca-Cola Amatil’s
(ASX:CCL) Pacific operations and VP
Finance for BlueScope Steel
(ASX:BSL) for the region. Craig has
also held senior executive roles in
finance, strategy and planning with
Vodafone in Sweden and Australia.
Craig is a certified practising
accountant and fellow of CPA
Australia. He is currently a board
member of Crown entity Callaghan
Innovation.
https://www.wynyardgroup.com/en/ab
out/management-team/

12. 12
RELATED BLOGS
Social media companies must do more to help fight extremism and terrorism
Former GCHQ deputy director cyber defence joins Wynyard Group
Cyber attacks - The importance of managing the risk
Cyber risk is here to stay
Cyber risk trends for 2015
CLICK HERE TO RECEIVE MORE INFORMATION ON MANAGING CYBER RISK