Cyber risk is evolving, but are Boards keeping pace? That was the central question at the recent Institute of Corporate Directors (ICD) event, “Is Your Board Driving for Cybersecurity Resilience?”, held on February 25, 2025, at Hub 350 in Kanata.
As AI and emerging technologies dominate boardroom discussions, is cybersecurity being left behind? The event tackled this pressing issue, bringing together leading experts to explore how cybersecurity considerations have shifted in recent years.
Stratford Management Consulting’s Kim Butler emceed the event, kicking off an insightful discussion on the shifting role of cybersecurity in boardroom decision-making. Moderated by John Proctor, the panel brought together leading experts in cybersecurity and governance:
- Matt Davies – Former CTO, Shared Services Canada; Board Member, Hydro Ottawa & University of Ottawa Heart Institute
- Abigail Carter-Langford – Cybersecurity & Digital Transformation Specialist; Former EVP Governance, Risk & Compliance, Canada Health Infoway
- Sacha Gera – Former Head of Cyber Business at Calian; Former CEO, JSI; Board Member, CENGN, Quantropi, Ottawa Board of Trade
Key Discussion Points & Takeaways
As cyber threats become more sophisticated and financially devastating, Boards must take an active role in cybersecurity governance. The conversation has shifted from prevention to resilience, recognizing that breaches are inevitable. The key to mitigating risk lies in proactive oversight, strategic risk management, and fostering a culture of cybersecurity awareness at all levels. Below are the critical insights from the discussion:
Cybersecurity as a Board-Level Priority
Cybersecurity is no longer just an IT issue—it is a core business risk that demands board-level oversight. With cyberattacks costing organizations trillions annually, Boards must move beyond compliance checkboxes to proactive cyber resilience strategies that protect financial stability, operations, and reputation.
Cyber Risk Management: From Reactive to Proactive
Boards must ensure that organizations:
✔️ Conduct regular risk assessments to identify vulnerabilities before they become crises.
✔️ Integrate cybersecurity into overall business strategy rather than treating it as a siloed IT function.
✔️ Align security investments with the organization’s risk tolerance and business objectives.
Incident Response & Business Continuity
It’s no longer a matter of if a cyber incident will occur, but when. Organizations must have:
✔️ Clear, tested response plans to minimize operational disruption.
✔️ Defined crisis communication protocols to maintain stakeholder trust.
✔️ A focus on resilience over prevention, ensuring rapid recovery and business continuity.
Training & Awareness: Strengthening the Human Firewall
Human error remains one of the biggest security vulnerabilities. Boards should advocate for:
✔️ Ongoing cybersecurity education for employees at all levels.
✔️ Board training on emerging cyber threats to strengthen governance.
✔️ A culture of security where cybersecurity is embedded into daily operations.
SMB Cybersecurity: Strengthening Defences on a Budget
Cyber risks are not limited to large enterprises—small and mid-sized businesses (SMBs) are prime targets due to fewer resources. Strategies for SMBs include:
✔️ Leveraging outsourced security services for cost-effective protection.
✔️ Adopting shared cybersecurity models for collective defense.
✔️ Implementing basic but essential security measures like multi-factor authentication.
AI & Cybersecurity: A Double-Edged Sword
AI is transforming cybersecurity—both as a tool for defence and an enabler for cybercriminals. Boards must consider:
✔️ How AI-driven threat detection can improve cybersecurity posture.
✔️ The risks of AI-powered cyberattacks, including deepfakes and automated phishing.
✔️ The need for strong governance over AI-driven security tools to prevent bias and misuse.
Quantum Computing Risks: Preparing for the Future
While large-scale quantum computing is still emerging, it has the potential to disrupt current encryption standards. To ensure long-term security, organizations should:
✔️ Stay informed about advancements in quantum computing and their potential impact on cybersecurity.
✔️ Assess encryption dependencies to understand which critical assets could be vulnerable to future quantum decryption capabilities.
✔️ Engage with cybersecurity experts to explore evolving strategies for cryptographic resilience.
We've compiled the top insights and takeaways into a downloadable resource to help Board members and executives stay ahead of evolving cybersecurity challenges.
Stratford helps Boards and executives stay ahead of cybersecurity challenges by providing expert guidance, strategic solutions, and actionable insights tailored to today’s evolving risks.