New IBA report provides first-of-its-kind global perspective on cybersecurity risk governance
A new report from the International Bar Association (IBA) Presidential Task Force on Cybersecurity and the IBA Legal Policy & Research Unit (LPRU) provides a first-of-its-kind global perspective on key governance practices for senior managers and boards of directors to protect their organisations against cyber-attacks. Titled Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors, the report provides an insight into existing cybersecurity threats and outlines actionable steps that companies can take to strengthen their cyber risk governance.
The report draws on sources across ten jurisdictions – Australia, Brazil, Denmark, Germany, India, Israel, Singapore, Uganda, the United Kingdom and the United States – to provide comparative analysis with diverse international case studies.
Sternford Moyo, Immediate Past President of the IBA and Chairman, Scanlen and Holderness, Zimbabwe, who appointed the Task Force during his 2021–22 presidency and assigned the project as a presidential priority, commented: ‘There is a real need for leadership and development of international cyber best practices in the intersection of law, public policy and technology. This IBA report sets a global benchmark on best governance practices for corporations in effectively safeguarding their organisations against cyber risks.’
With the rise of 5G networks, quantum computing and devices linked to the Internet of Things, cybersecurity is fast evolving into a primary concern for society at large. According to data from the Identity Theft Resource Center, 53.3 million Americans were impacted by a data compromise in the first half of 2022. Meanwhile, the telecommunications company Verizon reported that, of the total breaches committed in 2022, 89 per cent were financially motivated and almost half of all cyber breaches featured hacking.
Regulatory bodies have begun developing legal guidelines and standards in response to the increase in cyber-attacks. However, simply abiding by such regulations no longer secures companies; rather, company leaders must proactively establish security frameworks and strategies.
Luke Dembosky, Co-Chair of the Presidential Task Force on Cybersecurity and a partner at Debevoise & Plimpton, US, remarked: ‘It is more important than ever that senior executives and boards of directors engage directly in ensuring their organisations are managing cyber risks effectively. The days of leaving that enormous responsibility to the IT team or to privacy compliance to handle are long over, as these are clearly whole-company risks to operations, data, and brands. We hope that this report is a useful guide to the range of issues involved and practical steps corporate leaders can take to carry out effective cyber oversight.’
Through its country-level case studies, the report highlights the widely varying cybersecurity practices across regions due to differences in regulatory capabilities. While organisation-level governance and accountability are important, large-scale leadership is undoubtedly necessary. Setting guidelines and standards apart from national legislation can bridge existing gaps in knowledge. The new IBA report acknowledges the shared accountability between senior management and boards of directors to tackle cybersecurity risks and provides 17 recommendations to both parties, including:
- understand the cyber risk profile of the organisation;
- ensure the board and management have sufficient cybersecurity expertise;
- ensure appropriate reporting lines so that cyber risks are raised to leadership;
- invest sufficient funds to meet cybersecurity goals; and
- review, understand and test the organisation’s cyber incident response plans.
Senior management play a crucial role in day-to-day operations, positioning them well to map cybersecurity risks and identify high-priority concerns. Tracking internal knowledge, external support and expertise, and cross-functional collaboration, they are best placed to select the ideal policy for their organisation. They are also responsible for ensuring internal compliance, and as the primary reporters to the board, they can also suggest timely analysis/assessments and updates.
Søren Skibsted, Co-Chair of the Presidential Task Force on Cybersecurity and a partner at Kromann Reumert, Denmark, commented: ‘The number, magnitude, sophistication, frequency and impact of cyber incidents are increasing. Today they represent one of the biggest challenges to the proper functioning of organisations and the successful embracement of digital transformation. Now more than ever, senior executives and boards of directors need to better understand the strategic essence of cyber resilience, and it is our hope that this guide will serve as a catalyst for senior executives and boards of directors to accept accountability for – and enable impactful actions with respect to – advancing their organisations’ overall cyber capabilities and resilience.’
Having a well-advised and attentive board with a thorough understanding of the financial and legal risks associated with poor cybersecurity practices is critical for organisations today, with supervisory boards allowing for a top-down approach to cybersecurity prioritisation. In Australia, Germany, the UK and the US, recently enacted legislation holds boards directly accountable for cybersecurity oversight.
The new report expands upon the IBA Cybersecurity Guidelines (2018).
Notes to the Editor
- Click here to download a PDF of Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors.
- The IBA has convened a number of Task Forces to look into pressing contemporary issues. Find out more here: www.ibanet.org/Task-Forces
Members of the IBA Presidential Task Force on Cybersecurity:
Søren Skibsted, Co-Chair (Kromann Reumert, Denmark)
Luke Dembosky, Co-Chair (Debevoise & Plimpton, US)
Sara Carnegie (IBA Legal Policy & Research Unit, UK)
Anurag Bana (IBA Legal Policy & Research Unit, UK)
In alphabetical order
Anne-Marie Allgrove (Baker McKenzie, Australia)
Anthony Borgese (Minter Ellison, Australia)
Marc Hilber (Oppenhoff, Germany)
Olive Nancy Kwaga (CTI Africa, Uganda)
Chung Nian Lam (Wong Partnership, Singapore)
Kate Macmillan (Herbert Smith Freehills, UK)
Harriet Pearson (Hogan Lovells, US)
Arye Schreiber (MyEDPO, Israel)
Thiago Sombra (Mattos Filho, Brazil)
Christel Teglers (Kromann Reumert, Denmark)
The International Bar Association (IBA), the global voice of the legal profession, is the foremost organisation for international legal practitioners, bar associations and law societies. Established in 1947, shortly after the creation of the United Nations, with the aim of protecting and advancing the rule of law globally, the IBA was born out of the conviction that an organisation made up of the world's bar associations could contribute to global stability and peace through the administration of justice.
The IBA acts as a connector, enabler, and influencer, for fair practice and accountability worldwide. The IBA has collaborated on a broad range of ground-breaking, international projects with the United Nations, the European Parliament, the Council of Europe, The Commonwealth, the Organisation for Economic Co-operation and Development (OECD), the World Trade Organization, the International Monetary Fund and the World Bank, among others.
Please direct enquiries/interview requests to:
Romana St. Matthew-Daniel
International Bar Association
53-64 Chancery Lane
Mobile: +44 (0)7940 731 915
Direct Line: +44 (0)20 7842 0094
Main Office: +44 (0)20 7842 0090
Fax: +44 (0)20 7842 0091
Website page link for this news release:
Short link: tinyurl.com/3xhscjr9
Full link: www.ibanet.org/New-IBA-report-provides-first-of-its-kind-global-perspective-on-cybersecurity-risk-governance