Why:

• The board of every regulated entity needs to know how the organisation should be managing cybersecurity risk, and what is expected of board members.
• Board members need to know about the emerging risks and current regulatory expectations.
• And they need to know how they can get reassurance that these risks and regulations are being managed.

Why Me:

• A cybersecurity expert can talk to board members about the latest attack trends.
• A compliance expert can talk about the latest regulatory guidance.
• I cover both, in plain English.

What I can discuss:

• I cover topics such as:
  • The most likely cyber threats (which are not necessarily those that hit the headlines).
  • The most common regulatory compliance problems.
  • The most likely challenges that firms will face as they prepare for the EU’s DORA (Digital Operational Resilience Act) regulation.
• I focus on what the regulators expect of board members, which differs from their expectations of executives and senior managers.

What the agenda looks like:

• My agenda can include a number of the topics mentioned above.
• My approach encourages board members to ask me anything and to steer the session to the areas of most concern to the organisation.

What the planning activity looks like:

• [Optional] 30-minute preparation session with a Board representative, about 1 week before the session, to finalise the agenda.
• 30-minute briefing session.
• Both are delivered remotely over Zoom (or Microsoft Teams).