Feedback on the training session for board members of the “Trust4SMEs” cybersecurity support programme for SMEs
Small and medium-sized enterprises – or SMEs – are prime targets for cybercriminals. Often poorly armed and unprepared for cyber attacks, they are ideal entry points for larger companies.
“It is not IF but WHEN piracy will happen!” In view of this, boards need to develop new approaches to leadership:
- One in five SME managers feel that they are not sufficiently informed on the subject of cyber security.
- ⅓ of SMEs in Switzerland have already been the victim of a cyber attack and the trend is rising (+44% in 2021)
- Approximately 60% of data breaches occur via third-party vendors (source: Forrester).
One problem regularly encountered by SMEs is :
➔ understanding of the issues and, above all, the involvement of their management and board members in the subject of digital assets in relation to cyber security.
This major challenge has also been noted within the framework of the Trust4SMEs pilot programme, which helps companies in French-speaking Switzerland to develop their skills in the areas of cybersecurity and digital trust.
Today’s administrators need to be knowledgeable leaders giving priority to cybersecurity in showing they committment. Many directors know this, and are still looking for answers on how to proceed. They mainly look for:
A problem regularly encountered by SMEs is the understanding of the issues at stake and, above all, the involvement of their management and members of their board of directors in the subject of digital assets in relation to cybersecurity. The responsibility of the board of directors is first and foremost to know what the risks are but also to benefit from
understanding the cyber risks and duties of boards of directors, as well as how to identify opportunities for the company’s digital assets.
In effect, the board’s responsibility is primarily:
➔ fiduciary responsibility to shareholders
➔ oversight responsibility for business risk management
In response to the specific feedback received from the 25 SMEs in French-speaking Switzerland that benefit from the Trust4SMEs support programme, the Trust Valley team has developed a training module dedicated to board members.
This module was first organised on 2 November 2022, face-to-face at the EPFL Innovation Park for 34 board members, and a second time online on 10 November 2022, for 22 members of company management and boards.
Lennig Pedron, Director of the Trust Valley and Virginie Verdon, founder of Board Academy, independent board members, moderated this session. Jacques Boschung, SVP & GM EMEA of Kudelski Security joined the session on 10 November to share his advice and experience as a board member.
In the framework of this special module, the trainers took into account the expectations raised by the SMEs’ operational teams but also introduced new notions linked to their expertise and experience in cybersecurity or business management. In particular, the role and responsibilities of board members in the context of prevention of cyber attacks and incidents were discussed.
The speakers went back over the legal aspects (including the revision of the LPD, which will be applied on September 1, 2023) and shared some concrete cases of attacks with a criminal risk that needs to be protected against. They also provided practical advice on how to deal with cyber threats and examples of opportunities to develop digital assets. These moments of exchange represent one of the many strong points of the Trust4SMEs programme; they allow concepts to be anchored in concrete cases, and participate in the creation of a resilient and mutualised regional ecosystem facing cyber risks, while at the same time enhancing business opportunities.
The Trust Valley team is looking forward to the other sessions of the program and many exchanges with the 25 supported companies and the 15+ programme partners!