Most of today’s key information systems are no longer paper-based, but electronic. The recent experience of TalkTalk has led to nervousness amongst many organisations as to whether their systems are sufficiently robust and resilient to withstand intrusion by those who have criminal intent and seek to obtain financial and personal data.
While higher education institutions (HEIs) may feel they have less to fear than broadband or retail companies, they cannot be complacent.
Detailed knowledge of information systems and cyber security is frequently an area of weakness for many governing bodies. The predominant age groups and backgrounds of many governors, and often the executive team, mean that few governing bodies have security experts amongst their membership. Members are themselves normally ‘digital immigrants’, rather than ‘digital natives’.
So what are governing bodies to do? First and foremost, they need to be confident that the institution’s systems are sufficiently robust and resilient to withstand attempts to gain unauthorised access. Governing bodies will have greater confidence about any assurance if, for example, the information systems have also been subject to thorough testing and probing by an independent and external body.
Most internal auditors employ specialist staff and provide a service to test an institution’s systems to establish their resilience to withstand cyber attack. An institution’s Audit Committee should consider whether it needs to request the internal auditor or alternatively a specialist security company to simulate potential cyber attacks and test the institution’s defences.
While HEIs may believe they are not exposed to the same degree as many commercial business, they would be unwise to ignore the risk of service disruption and reputational damage that a cyber attack could bring.
We are a membership organisation of and for a sector that has some of the brightest minds in the UK.
Our members are key to our strategy and form a community of higher education institutions with a clear commitment to and experience of developing leadership, governance and management capabilities at all levels. Academic and professional services staff from member institutions contribute to our programmes, projects and research and advise on benefits and services.
Find out more about Membership
Enter your HEI name here
Meet the membership team, your national and regional contacts in the UK and Ireland, and LF networks.