Directors and business owners are increasingly responsible for the digital resilience of their organizations. To support them in this, the Cyber Security Council (hereafter the Council), in collaboration with a number of other organizations, has taken the initiative for the Cybersecurity Handbook for directors and business owners.
The CSR emphasizes that cybersecurity is no longer exclusively an operational matter: the strategic choices and their monitoring require active involvement from the top of the organization. The handbook contains practical guidelines that directors and business owners can start working with immediately.
The handbook addresses such issues as:
Administrative responsibilities arising from European regulations, such as NIS2 and DORA;
Establishing effective governance and oversight of cyber resilience;
The importance of understanding supply chain risk and supplier management;
Concrete questions directors can ask themselves and their organizations to identify cyber risks.
The council calls on directors and business owners to view cybersecurity not only as a technical challenge, but as an integral part of their managerial task. Good governance also means: actively managing for digital resilience.
The guidance is applicable to organizations of all sizes, in both public and private sectors, including those not covered by new cyber legislation such as NIS2 or DORA. The council advises all organizations to actively prepare for a cyber incident even if they are not directly covered by cyber legislation.
This guide replaces the old 2019 version and was created with the cooperation of several council members, their constituencies and external advisors.
