Cybersecurity has transformed from an IT issue to a critical boardroom priority, as cyber threats increasingly cause full-scale operational disruptions. In recent months, major airports, manufacturers such as Asahi in Japan, and Jaguar Land Rover (JLR) have faced operational disruptions with lasting impact.
Asahi resorted to manual order processing using fax machines and had to halt entire business functions, leading to delays in beer production. The cyber-attack on JLR reportedly cost the company over £1.9 million, underscoring the impact of such attacks. The cost of cyber-attacks now extends far beyond data loss, threatening revenue, reputation, and, more importantly, customer trust.
According to Ciaran Bollard, CEO of The Corporate Governance Institute, cybersecurity has become an existential concern for organisations and must go from an IT concern to a boardroom one.
“Boards must shift from prevention to resilience. In today’s world, breaches are more common and must be considered inevitable for businesses. Companies understand that, despite efforts, the risk of a cyber-attack remains and must therefore equip boards, executive and management teams with the proper knowledge to address it.
“More time and effort must be put into mitigation and recovery to minimise disruption and protect brand integrity. What once took weeks or months to restore must now be recoverable within hours.
“Boards must be aware of any cyber threat to the organisation and have a strategy in place to mitigate risks or reduce operational disruption. This means boards must integrate cybersecurity into their governance practices and focus on building organisational resilience.
“To become effective security leaders, Chief Security Officers (CSOs) must evolve into Chief Digital Resilience Officers who understand the organisation’s culture and bridge the gap between technical expertise and business strategy.
“Resilient organisations ensure cybersecurity exercises, such as scenario planning, are a regular practice, which includes all stakeholders, including the board, management teams and the executives. This addresses risk factors from all areas, including business, legal, financial and security.
“Ultimately, the board must be able to define which risks to prioritise and mitigate, determine the recovery time for each risk and estimate the costs of a breach. Scenario planning is a simple and effective tool which builds organisation-wide awareness and accountability.”
As cyber threats continue to evolve, boards must take a more effective role in cyber risk quantification and adapt to make cybersecurity a core part of an organisation’s business strategy. For a business to survive in today’s climate, its leaders must understand that cybersecurity is a business resilience and boardroom issue.
About the Corporate Governance Institute
The Corporate Governance Institute (TCGI) believes that governance is a powerful force for transformation, innovation, sustainable growth, and real progress. By combining grounded expertise with practitioner-led experience, the Institute equips today’s most effective leaders, businesses, and boards to move far beyond compliance to unlock serious, strategic competitive advantage. Whether for individuals, teams, or organisations, TCGI brings sharp insights, fresh perspectives, and hands-on tools to drive long-term impact, build momentum, and make tough calls with confidence - in a world that won’t wait. Because good governance isn’t just about risk, it’s about readiness. With learners in 79 countries and courses independently rated as excellent, we’re a trusted global partner in leadership and boardroom success.
