As we have seen very recently with the disaster that befell the Bangladesh Central Bank, cyber threats are very real and are having a huge impact on a wide range of businesses. However, I think it’s very important to emphasise that this really isn’t a technology issue. It belongs very firmly with executive management and is on the boardroom table at a very high level of awareness, the goal for both is to establish and accept the right amount of risk in the context of the company’s competitive strategy in this digital age.  
There certainly has to be an examination of the skills and competencies round the board table to effectively address and manage this burgeoning risk.  
Some recent events in the UK with ‘TalkTalk’, a major FTSE 100 quoted company who had a major data loss, their share price was hammered and the CEO feared for her job, additionally the companies in the supply chain were then placed under significant investigation and assessment as to the effectiveness of their own cyber security arrangements. So, it’s very clear that the risk runs all the way through the supply chain not just the top company, and also very clear that all business decisions must take into consideration the element of cyber risk.
Beyond the development of sophisticated ‘Penetration Testing’ etc so much of the risk mitigation can be dealt with through decent quality housekeeping where an overt and sustained effort is made to create a secure “culture” so that people across the organisation behave appropriately in moments that matter.  
Vitally important is to ensure that the internal communications in the company absolutely focuses upon developing awareness and emphasising the importance of ethical behaviour, password protection etc.  
This would need to be monitored by internal audit. Also, very important is to clearly understand who in the company are the “super users”- ie. those who have access to the full range of the company’s IT environment and who could have a seriously disproportionate impact on the organisation- were they to act maliciously or even carelessly.
Companies have to realise the value of their customer information to everybody in the organisation and emphasise to all concerned the loss thereof has a huge impact on reputation and business effectiveness.
Some companies now are employing “certified ethical hackers” who as the name suggests are qualified individuals who work inside the company to ensure, wherever practical, the integrity of the system’s environment.  
Interestingly, a company which I chair has received requests from suppliers and indeed our insurers who were to send out a quotation by e-mail as to “is your IT environment secure”, we have replied in the affirmative but actually do not “evidence” ie. an independent assessment.  
This has resulted on two or three occasions of the counterparties concerned resorting to paper or fax, which is very much more secure.  Interesting times! There is no doubt that the challenges for boards and management are very severe, the latest hacking incident in Panama, which has caused global embarrassment, is another straw in the wind!


*Glasgow-based John R Wright is an academic, veteran banker and a former CEO of Oman International Bank and Gulf Bank, Kuwait.