Boards of directors needs to increase its competence in cyber security
The Board Academy is a non-profit organization whose purpose is to strengthen the competence of Swedish boards—cyber security competence has come high on the agenda now that new EU directives require increased management responsibility. That is why they have started working with the Center for Cyber Security at RISE, by offering cyber security training specifically for board members.
For just over 30 years, the non-profit member organization Styrelseakademien with its 8,000 members has worked to raise the competence of Swedish boards in all relevant areas. Increased cyberthreats and the fact that it is important as an organization to be strongly prepared for cyberattacks, as well as new EU regulations mean that cyber security has sailed high on boards' agendas. However, the competence lags behind.
Charlotte Gustavsson, who is a strategic advisor at Styrelseakademien, sees an increased need for training in the area. This led to a collaboration with the Center for Cyber Security at RISE.
— The new EU directive, NIS2, includes a management responsibility, which means that it will be the board's responsibility to update itself in cyber security, says Charlotte.
In practice, this means that cyber security must be built into organizations in a different way than before, and that it should spill through the entire system to every single employee. In addition, it requires continuous training and practice.
"In the past you had fire drills and now we need to have cyber security drills," continues Charlotte.
The collaboration with RISE will increase the cyber security competence of boards
To begin the journey towards increased competence in Swedish boards, the Styrelseakademien has started a collaboration with the Center for Cyber Security at RISE. It all started with raising one's own competence through exercises in the Cyber Range with experts from RISE. With these new insights into cyber security, the collaboration was deepened and has now resulted in a tailored training being offered together for board members in particular. The training will be given for the first time this autumn, in the Cyber Range, a specially adapted testbed for cyber security.
— The Cyber Range is a practice arena that is completely cut off from the outside world. Practicing right there gives a completely different understanding, for example how sensitive it is to have a mobile phone on the table. RISE also offers a role play where you get to follow a company in various critical situations and it is extremely valuable to jointly discuss different choices together with exercise leaders from RISE, and doing it yourself really consolidates the knowledge, Charlotte continues.
Together with RISE, they hope to raise the level of knowledge in business, from individual companies to larger organizations. All companies must be prepared to protect their operations and also understand that they are part of something bigger, where it is necessary to protect Sweden and Europe from cyber threats.
Register for the course (in swedish):
Cybersäkerhet för styrelseledamöter - teori med praktik - Styrelseakademien
The new EU directive includes a management responsibility, which means that it will be the board's responsibility to update itself in cyber security.