
Third-party oversight is needed to end systemic risk

Events, Governance and Risk Management, Infosecurity Europe Conference

Legal expert Jonathan Armstrong on breaches and security governance issues

Anna Delaney (annamadeline) • June 13, 2024



Jonathan Armstrong, Partner, Punter Southall Law

The UK Post Office scandal, in which hundreds of subpostmasters were wrongly convicted over an IT error, reveals critical weaknesses in cybersecurity and corporate governance. One lesson to draw from it: third-party providers must be rigorously supervised to prevent data breaches and ensure transparency at all organizational levels, according to Jonathan Armstrong, partner at Punter Southall Law.

But a major challenge, according to Armstrong, is the board’s ability to oversee technical issues. This is why board members must develop expertise in effectively overseeing IT risks.

“CISOs need to educate their existing board about systemic risks. Many boards need to change their composition to have a more diverse board in every sense of the word – not just ethnicity and gender, which are important, but also the diversity of skills,” he said.

Armstrong said organizations should adopt parallel strategies for immediate incident response and long-term litigation planning. “You have to do everything in real time,” he said. “We need to think strategically in the middle of an incident, not right afterward.”

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Armstrong discussed:

  • The importance of third-party monitoring;
  • The need to strengthen transparency at all levels;
  • Engaging Gen Z staff in safety practices.

Armstrong is a compliance and technology attorney. He is considered one of the leading cybersecurity experts and actively advises clients on GDPR compliance and AI-related risks and opportunities.