The Lighthouse Programme

""
Enabling directors to govern cyber risk and build resilience

Duration:

  • 3 days over 6 months

Time commitment:

  • Short programme

Locations:

  • Oxford
  • International

This programme is for board directors from a single organisation. It will help them navigate the cybersecurity landscape and improve cyber risk governance.

Delivered in partnership between Oxford Saïd and ISTARI, a Temasek-founded global cybersecurity firm. The programme leverages the CEO Report on Cyber Resilience; a first-of-its-kind study about cyber risk leadership.

About the programme

Cybersecurity governance expectations are rising.

Securities and Exchange Commission (SEC) in the US now requires companies to describe the processes by which the board is informed of cyber risks. But technology and cybersecurity are often gaps in the skills matrix of boards and 98.2% of Standard & Poor's (S&P) board directors do not have expertise with cybersecurity, according to research from The Wall Street Journal.

Demystifying cyber risk

The programme will quip board directors with the knowledge, insights, and practical guidance to become stewards in governing cyber risk and creating cyber resilience. Our approach will demystify cyber risk by putting it in the context of business risk and risk appetite.

We provide an independent evaluation of the board’s cybersecurity governance processes and offer bespoke recommendations and best practices to improve cyber risk governance.

You will also hear from a senior business executive who will share their experience with a serious cyberattack, including mistakes, lessons learned and insights for others.

Join us in building a more resilient future together.

Lighthouse embraces the responsibility to protect your organisation in a digital world. The unique blend of Oxford's academic rigour, and ISTARI’s global network, will shift cyber risk from a daunting challenge to a manageable aspect of governance.

Manuel Hepfer

Research Affiliate and World Economic Forum speaker

Structure

Part 1 - Governance assessment

We conduct 60-minute, structured interviews with each member of the board, the CEO and CISO. We focus on the board’s experience with cybersecurity, the governance processes, committee structures, and the cybersecurity charter and programme from a governance perspective.

Part 2 – Board briefing

At a board meeting we will lead a discussion of the key findings from our governance analysis. We will also share best practices and the principles of good cyber risk oversight.

You will also hear from a senior business executive who will tell the story of a serious cyberattack. 

Part 3 – Debrief

The board will receive a key findings report based on the interview findings and discussion during the board meeting.

We offer debrief conversations with each board member and follow-up check-ins after 6 months. The board continues to have access to a cyber advisor from ISTARI’s network of 3500+ professionals. To satisfy any regulatory requirements, we provide an optional certificate of completion from Saïd Business School, Oxford University.

Benefits

To attendees

  • Enhanced cybersecurity acumen
  • Practical lessons from others who have experienced a cyberattack
  • Understanding how cyber risks impact business
  • Access to latest research and case studies
  • Certificate of completion from Saïd Business School

To the organisation

  • Improved cyber risk governance
  • Regulatory compliance
  • Enhanced organisational cyber resilience and organisational alignment

Faculty

Insights

The programme draws insights from our work with CEOs and Chairs from both organisations.

Next steps