Risk culture: Deepening the focus on cybersecurity

This month, we discuss the evolving landscape of cyber risk management, focusing on healthcare and broader industry implications. James Parker, a cyber professional, shares insights from the 2017 WannaCry ransomware attack on the NHS, highlighting the lack of cyber skills and awareness among staff, and the slow prioritisation of IT projects. Lutz Naake, a partner at EY, emphasises the importance of identifying critical IT systems and implementing proper controls, noting the challenges companies face in cyber risk management. They stress the need for shared language and understanding between cyber professionals and business leaders to effectively manage and prioritise cyber risks. The conversation also touches on the impact of emerging regulations like the EU's NIS2 directive and AI Act on cybersecurity practices.