
Four Simple Steps to Strengthen Your Governance and Cyber Resilience
October is Cybersecurity Awareness Month, a global campaign led by the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA).
The aim of the month is to help individuals and organisations “stay safe online” and it’s been running for over two decades now.
Why it matters for Company Secretaries and Governance teams
Cybersecurity isn’t just a problem for IT; it’s a potential governance risk for your team and organisation. Breaches and phishing attempts all pose reputational and regulatory risks. We’ve seen a spate of them at big companies already this year and witnessed the knock-on effects the brands suffered. Boards and CoSecs need to be cognizant that the information they handle, often of a hugely sensitive nature, needs to be safeguarded against potential threats from bad actors.
This is the case for our customers who, when using our platforms, manage insider lists, conflicts, disclosure, and share plan information. At the heart of the good governance needed to be effective in these areas is a culture of trust that is built on secure systems. Our ISO27001 and FSQS credentials are in place to help safeguard our clients’ reputations and integrity as much as they are our own.
The Core 4
The 2025 theme for Cybersecurity Awareness Month is “Secure Our World” and it’s built upon four actions that anyone can take:
- Use strong passwords and single sign-on
- Enlist multi-factor authentication tokens
- Recognise and report phishing and scams
- Keep software up to date
Applying the Core 4 in governance
Strong passwords
Governance tools store highly confidential and sensitive information, so your login credentials should be as strong as possible.
Wherever possible, keep your passwords unique to decrease the risk of leaving your account, and your information, exposed. It might be prudent to invest in an enterprise-level password manager to minimise the risk fully. You should also limit admin rights to those who need this level of access rather than granting them across the board.
Ideally, you should adopt Single Sign-On (SSO), which centralises authentication and reduces the number of credentials to manage. This makes the attack surface for hackers far smaller and is seen as the ideal in this situation.
Multi-factor authentication tokens
Using systems that generate multi-factor authentication tokens grants you an added layer of protection beyond passwords, requiring users to provide an additional form of verification to prove their identity. This makes it significantly harder for attackers to gain access, even with stolen passwords, because they would need the physical token or software-based code.
Robust governance systems should come with this functionality, meaning that you can safeguard important and sensitive information without added effort.
Recognise and report scams
Phishing remains the most commonly used entry point for cyber incidents, making up 90% of all data breaches. Governance teams are particularly high-risk in this area due to their presence across board matters, including acquisitions.
Be vigilant with communications coming from your board. The rise of AI paired with deepfake technology means that voices can be cloned, so even services such as WhatsApp are no longer safe and any voice attachments sent by email should be questioned. Set up quick verification protocols for communications from high-profile members of the company to ensure you’re not a victim of a scam email or communication.
The price of stolen credentials has dropped in some markets, but that is because supply outweighs demand. Phishing is still currently the biggest threat to your information’s safety.
Keep software up to date
Out-of-date software and browsers create unnecessary risk. Older versions carry security vulnerabilities, because potential ‘back doors’ are often only patched as versions evolve.
SaaS software solutions remove some of that risk by assuming the responsibility of managing updates, security patches and encryption centrally. Ensure that your governance solution provider has a schedule in place to make sure that they aren’t leaving your information vulnerable.
Building a culture of cyber-awareness
Here are some tips for making sure that your company has a robust culture in place for cybersecurity.
Culture starts from the top
Cybersecurity awareness should be part of the overall governance culture of your organisation. That means that the board should set the tone through policies, reporting lines and accountability. There should be clear communication channels between governance, IT, Information Security, and Legal to ensure that consistency and process are established.
Practical actions
Cybersecurity Awareness Month provides you with a great reason to refresh your company’s training and policies. Create your own best practice guides or share this link to the NCA’s webinars to ensure that people are aware of what is expected of them.
It’s also a great time to review your access controls, password policies and your risk registers. Lastly, ensure that cybersecurity is a regular agenda item for your Board or Audit committees.
Cytec’s contribution to your cybersecurity efforts
We pride ourselves on putting cybersecurity at the forefront of our efforts. Our solutions are designed with security in mind through encryption methods, SSO, multi-factor authentication, and user permissions. Behind the scenes, we regularly monitor our infrastructure and applications and perform penetration tests to ensure that our systems are always secure. We do this because we see our valued clients as partners in governance, not just customers.
Ultimately, cybersecurity is as much of a governance issue as it is an IT one. Every team member has a role to play in protecting information and remaining vigilant so that, when paired with secure systems, your company has stronger resilience.
Making sure these habits are embedded across the company improves compliance and also creates a culture of accountability from the top down to the bottom rung of the organisation. This state of vigilance protects not just the data your company holds but also its reputation.
Further reading:
- Staysafeonline.org have published resources specifically for Cybersecurity Awareness Month
- KnowBe4 have put together a downloadable kit that can give you the framework for your own efforts


