Outline

  1. Strategy
  2. Risk
  3. Governance
  4. Events

Preparing for digital security reporting

When preparing to report on digital security, considering disclosures across four categories (Strategy, Risk, Governance, and Events) can provide context and linkage throughout your report. 

This article gives an overview of what to consider in each of the four areas.

Strategy

Companies use digital technology and data in different ways. For some, it's essential for their business model and strategy, while for others it's just one of many resources needed to accomplish their strategic goals. When a company explains how important digital technology and data are to its strategy, investors can evaluate whether the related processes, procedures, and structures are appropriate.

Risk

Digital security and strategy risks affect different functions in an organisation. IT departments can help reduce some risks, but senior management and the board are responsible for overall risk management and its careful consideration in the context of their strategy. Many stakeholders, such as employees and outside service providers, play an important role in reducing risk.

Governance

To understand risk, we need to know how the world outside of a company affects it and how the company manages and reduces those risks. The board of directors is in charge, making decisions for the company, but what prompts them to do so? The FRC Lab Report: Digital Security Risk Disclosure (August 2022) found several things that motivate boards, such as regulations, opportunities for growth, employees, suppliers, and consideration of the S172 statement and ESG agenda. There is an opportunity for companies to improve their explanation by making their digital security and strategy governance more integrated and relevant to their internal and external stakeholders.

Events

Businesses deal with various digital security events, both inside and outside of the company, that can affect their strategy, risk management, and governance structures and processes. Investors want to understand what a company does when something happens, the effectiveness of its response, and what it has learned from the experience. All companies face cyber risks, as attacks can happen even when a company is well prepared. Digital security incidents can cause major disruptions and the number of attacks is growing, especially as companies move more of their operations online. If a company, or one of its suppliers, suffers a cyberattack, reporting what happened and how the company responded is crucial to supporting a long-term value narrative.

As digital threats continue to escalate, businesses must fortify their digital security reporting practices to mitigate risks effectively. By embracing a holistic approach that encompasses Strategy, Risk, Governance, and Events, companies can proactively address challenges and seize opportunities in the digital realm. The insights shared in this article offer a glimpse into the multifaceted landscape of digital security reporting, providing a foundation for informed decision making. To delve deeper into this subject and access invaluable resources, including detailed information on diverse threats, strategic frameworks, effective communication strategies, and best-in-class examples, request your copy of our Digital Security Reporting Guide today.