Board Priorities 2024: Cyber preparedness & resilience
11 January 2024
Several key cyber developments took place in 2023, highlighting the need for organisations to uplift their cyber readiness and resilience this year.
We have seen a sharp reminder of the importance of geo-political risk and the cyber threat environment, with Five Eye Governments overtly re-stating the risks of State-based threat actors and the importance of growing risks to critical infrastructure, intellectual property and both personal and sensitive information. We have also seen the significant growth and advances in the use of artificial intelligence (AI).
Cyber regulators across the world are highlighting evidence of threat actors affiliated with state-based threat actors who are dedicating substantial resources and deploying increasingly sophisticated capabilities to target critical infrastructure networks.
While the cyber activity of state-aligned actors often focuses on distributed-denial-of-service attacks, website defacements and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact directed at critical infrastructure of western countries, specifically targeting utilities (water and electricity in particular), communications, health, financial services, food, transport and defence. The role of State-based threat actors in corporate espionage is higher on the agenda in 2024 than it has been for some years.
State-sponsored criminals, are also refining their operating models to cause maximum disruption across a growing number of high-profile attacks, including using AI. AI has the potential to dramatically change the scale of the cyber security challenges organisations face. Hostile adversaries are already using large language models or LLMs to develop increasingly sophisticated phishing emails and scams. In the future, AI could be used to conduct targeted or untargeted cyberattacks and it is likely to lead to the further proliferation of cyber capability to a wider range of actors. Generative AI also has the potential to create synthetic cyber environments which could be used for criminal purposes or fraud.
T: +44 782 3341 304
E: Robert.Hanley@ashurst.com
Rob Hanley is a partner in our global corporate governance practice.
Rob advises listed and larger private companies on strategic corporate governance matters. He acts as a trusted adviser to our clients’ Chairs, Company Secretaries and General Counsel, providing pragmatic advice and guidance on legal and regulatory requirements, stakeholder issues and current and emerging risks, including cyber and ESG.
Rob also advises on a broad range of specialist governance issues such as directors' duties and liabilities, market announcement obligations, governance structures, conflicts of interest, governance charters and policies and shareholder meetings.
T: +61 2 9258 6479
E: John.Macpherson@ashurst.com
John leads the cyber response team working with clients to prepare for, and respond to high impact cyber incidents. As a strategic advisor to Boards and leadership teams in Australia and internationally, he supports them in their recovery from acute crisis. He regularly helps clients build sustainable resilience frameworks and risk-led approaches to cyber and digital security, bridging expertise in crisis management and business continuity, stakeholder management and communication, customer remediation and complaints, data governance and privacy, third party risk management, and regulatory notifications and investigations.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.