It’s Not If – It’s When: The Role of Boards in the Cyber-Risk Age

Cybersecurity is a core business risk that can impact the entire organisation. Boards must understand how cyber threats impact financial performance, reputation, and regulatory obligations. Boards must also build awareness of their organisation’s cyber security posture, protection measures, and incident response protocols.

In this podcast, Dr Sabine Dembkowski, Founder and Managing Partner at Better Boards, is joined by Beatrice Devillon-Cohen. Beatrice has over 25 years of investment banking experience, having led traders’ teams across the UK, Europe, Asia, and the US. She has now developed a portfolio of non-executive positions, having recently served on the Audit Committee of the European Investment Bank and the Finance Committee at King’s College, London. She is currently Senior Independent Director and Chair of the Risk Committee at Mitsubishi UFJ Securities EMEA.

“The Rule of Three is important when it comes to cybersecurity.”

As Boards seek to manage and survive cyber threats, the Rule of Three comes into play. On average, in a cyber event, there are three days of chaos, three weeks of systems rebuilding, and three months of constant IT problems.

“What has been changing over time is the cyber-criminal groups. They are now running their operation as a business, selling cyber attacks as a service.”

The criminal ecosystem has gone professional. While there will always be bored teenagers or disgruntled employees, the more serious players run their operations like business ventures. They sell cyberattacks as a service, backed by deep resources, skilled talent, and vast networks.

“You need to work on mitigation, responding to an attack, and recovering. That’s your battleground.”

While cyber threats can’t be entirely avoided, Beatrice counsels Boards not to despair. There is plenty that can be done. It begins by understanding how threats work.

A primary attack path is through links in emails that sound very realistic, especially with modern AI. A single click installs malware that hackers can use for access. Caution and education can help prevent this.

Another primary attack path is third-party providers. External suppliers are compromised and used as a bridge into your own internal system. It’s why so many companies now emphasise third-party risk management.

“Never hope for the best when it comes to cybersecurity, because hope will not be a strategy.”

Boards are accountable for cyber risk oversight (see the UK Cyber Governance Code of Practice). They need to make it a strategic priority. Build relationships with IT heads, show curiosity, and build trust.

Get a strong dialogue going. Educate within the organisation and with third-party partners. Create a no-blame culture so that when something happens, it is escalated immediately, thereby limiting its impact.

She also encourages Boards to remember the psychological side. The Rule of Three will be in play. Helping executives manage the mental strain, get rest, and keep a clear head is critical for survival.

“It’s our own duty to upskill, stay current, and think around the corner on that subject, like any other subject in the boardroom.”

Cyber culture starts at the top. It is not “too complicated” to pick up basic cyber safety skills or understand risk. Plus, with AI and quantum computing on the horizon, any actions Boards can take—and lead their companies to take—will help prepare for future risks.

The top three takeaways from our conversation for effective boards are:

  • Cyber risk is a business risk. Own it as such.
  • Don’t hide, as a Board member, behind “it’s too technical and not for me”. Upskill, be curious, and engage with executives.
  • Prepare for it. Run exercises and test regularly.

Come Join the Better Boards Community

We’d love to get to know you! If you’d like to become part of the Better Boards community, discover our unique approach, and explore ways to work with us or share your ideas on The Better Boards Podcast Series, drop us a line at info@better-boards.com

Remember to subscribe and never miss an episode of the Better Boards Podcast Series. It’s available on Apple, Spotify, or Google.

To find out how you can participate in the Better Boards Podcast Series or for more information on Better Boards’ solutions, please email us at info@better-boards.com.
