Nihon Cyber Defence

Leadership & Cyber Resilience | Vol. I

A Board’s Guide to Navigating Security Challenges

In today’s digital landscape, cyber security is no longer just a technical concern – it’s a critical business imperative. Board members, irrespective of their technical expertise, must ensure their organizations are adequately prepared to defend against cyber threats. Yet, for those without a background in IT or cyber security, understanding how to gain assurance on these risks can be daunting.

In this inaugural article of a thought leadership series, Nihon Cyber Defence (NCD) Board member, John Noble, offers a framework of non-technical questions to help Board members engage meaningfully with cyber security topics. These questions reflect the key challenges and solutions we often discuss with clients across Japan. This is not an exhaustive checklist but an accessible starting point for Board members looking to elevate their cyber leadership.

Understanding the Problem

Before addressing cyber security, Board members must grasp the broader context of their organization’s IT environment:

  • Legacy Systems: How much of our IT infrastructure relies on unsupported, outdated systems? These legacy systems often present significant vulnerabilities.
  • Operational Ownership: Is our IT managed in-house or outsourced to a Managed Service Provider (MSP)?
  • Infrastructure Location: Are our systems hosted on physical, on-premise servers, or are they cloud-based?

Recognizing Threats

Not all cyber threats are created equal. Boards need to understand who might target their organization and why:

  • Threat Actors: Are we most at risk from hostile states, hacktivists, or cybercriminals?
  • Critical Assets: What are our most important IT systems and data?
  • Key Risks: What do we consider to be the primary cyber risks to those assets?

Assessing Technical Controls

Effective cyber security relies on robust technical and procedural defences. Board members should explore the following areas:

  • Access Management: Are sensitive systems protected by Two-Factor (2FA) or Multi-Factor Authentication (MFA)?
  • Privileged Access: How do we secure administrative or privileged accounts?
  • Network Design: Is our network segmented to contain potential breaches?
  • Phishing Defences: What measures are in place to prevent phishing attacks?
  • Legacy Mitigation: How do we safeguard legacy (out of support) systems, ensuring they’re isolated from internet exposure?
  • Software Updates: How quickly can we apply critical updates?
  • System Configuration: Do we regularly verify that our systems are correctly configured?

Fostering a People-Centric Security Culture

Technology alone cannot secure an organization; people are equally critical:

  • Internal Expertise: Do we employ cyber security specialists, such as a Chief Information Security Officer (CISO)?
  • Workforce Training: What cyber security and data governance training do staff receive?
  • Insider Threats: How do we mitigate risks posed by insiders, whether intentional or accidental?
  • Cultural Alignment: How do we embed a culture of security throughout the organization?

Responding to an Attack

Preparation and resilience are key to minimizing the impact of a cyber-attack:

  • Detection & Response: Do we use automated monitoring or employ Managed Security Service Providers (MSSPs) to detect and respond to incidents?
  • AI Assistance: Are artificial intelligence tools leveraged to enhance detection and response capabilities?
  • Recovery Readiness: Have we recently practiced recovery drills to ensure readiness?

Securing Assurance and Managing Risks

Boards must establish confidence in their cyber security strategies through oversight and external validation:

  • Audits: When was our last external audit, and what were its findings?
  • Third-Party Risks: How do we ensure outsourced IT functions and vendors meet our cyber security standards?
  • Governance: What structures are in place to provide ongoing oversight of cyber risks?

Building Resilience

Cyber resilience is about ensuring continuity, even under attack:

  • Backup Strategies: Are robust data backup and recovery systems in place?
  • Incident Exercises: When did we last conduct a simulated cyber-attack recovery?
  • Insurance: Do we have cyber insurance, and what does it cover?

Empowering the Board Through Continuous Engagement

Cyber security is a dynamic challenge, and Boards must evolve their understanding in tandem. Regular discussions, ongoing training, and scenario planning can strengthen an organization’s ability to face cyber threats with confidence.

John Noble

Commander of the Order of the British Empire (CBE), Non-Executive Director @ Nihon Cyber Defence

With 40 years in UK Government, Noble co-founded the UK NCSC and now advises organizations globally on cyber security and strategic transformation.


Cyber Maturity Assessment

Nihon Cyber Defence (NCD) offers comprehensive Cyber Maturity Assessments designed to evaluate an organisation's current cyber security capabilities, identify areas for improvement, and develop a strategic roadmap to enhance overall security posture.

[Figure: Cyber Security Framework (NIST), National Institute of Standards and Technology]

[Figure: Cyber Assessment Framework (CAF), National Cyber Security Centre]
