There's a range of important questions that organisations should be asking regarding cybersecurity control. To summarise here are three really important areas;
1. Is your strategy adequate?
Do organisations have an adequate, robust cybersecurity strategy, is it tested and does it cover the key components of a very robust cyber control framework?
2. Do you have the right third party agreements and assurance?
The second point is in terms of third party assurance, in organisations as we've mentioned you are using more third pipes to support their business operations. Make sure that we have the right level assurance from our third parties, that they have the key IT data security controls in place.
3. Are you workforce educated and alive to threats?
The third element in terms of your staff, do organisations have the right level of education in place? The right level of cyber control awareness program in place to equip organisational staff with the right skill level to respond effectively to a potential cyberattack.