EXPERT SPEAK
It is good that management boards will now shoulder some of the responsibility for risk management. While board members may not need to understand every technical detail, they must be aware of the major risks affecting their organisation and work with their teams to mitigate them.
These changes will significantly impact the role of the CISO, who is often the bridge between technical teams and the board. We expect CISOs and their teams to have more seats at the table, particularly in organisations that are less mature in terms of their security posture.
Ensuring that management teams are knowledgeable enough to ask the right questions and make informed decisions will undoubtedly be a key challenge. While board members do not need to know the finer details, they should be capable of asking their teams the right questions about risk. Governance also needs to be a team effort, with legal, compliance, and technical teams working closely together to ensure a coherent approach to risk management.
Building resilience
At the core of both NIS2 and DORA is the emphasis on creating a culture of resilience. Employee training and awareness are crucial components of any cybersecurity strategy, but they are areas where many organisations struggle. Traditional training methods, such as lengthy security documents, are easily forgotten or inconsistently applied.
Organisations should advocate for more interactive and engaging methods, including the use of technology to nudge employees toward more secure behaviour. They should not underestimate the importance of small prompts, such as password strength reminders, in motivating people to make better choices; such nudges encourage compliance without overburdening employees.
While you cannot eliminate human error, you can minimise it through regular training, engagement, and technological support. Buy-in from staff matters: storytelling and clear communication can help employees take ownership of their role in maintaining the organisation's security.
Instead of taking a top-down approach to compliance, organisations should encourage employees to play an active role in forming new security policies; employees who help shape a policy are more likely to apply it and to encourage others to do the same.
Governance is one of the trickiest aspects of implementing the new
56 www.intelligenttechchannels.com