Managing cybersecurity risk has evolved into a vital governance concern in today’s operating environment and this month's CGj takes a deep dive into this area of governance practice. Our cover stories look both at the rising regulatory expectations and at the most effective ways to boost organisational resilience in the face of an alarming expansion in cybersecurity threats.

First up, we assess an important milestone in our local cybersecurity regulatory regime. The Protection of Critical Infrastructures (Computer Systems) Ordinance (2025), due to become effective in January 2026, will make it a statutory obligation for organisations designated as critical infrastructure operators to have robust cybersecurity governance frameworks in place.

Our second cover story looks at two techniques – penetration testing and red teaming – designed to evaluate cyber resilience. The former tests specific IT assets for vulnerabilities, while the latter tests whether an organisation’s overall cyber defences are effective by simulating real-world attacks on its systems and networks.

Both cover stories emphasise the pivotal role that members of our profession play in cybersecurity governance. In particular, two aspects of our work make us uniquely well positioned to bring value. Firstly, as an information hub and facilitator of cross-departmental collaboration, governance professionals can bring together various stakeholders – including senior managers, board members and IT professionals – to ensure that cybersecurity frameworks are effective and that they are aligned with the organisation’s risk appetite and strategic objectives. The key message here is that cybersecurity cannot be siloed as solely an IT issue – it is an enterprise-wide concern and must be fully integrated into wider risk management and governance frameworks.

The second, and certainly no less important, aspect of the governance professional role in cybersecurity governance relates to our board support work. Another recurring theme in this month’s cover stories is the crucial importance of effective board oversight. In this context, our role in strengthening the capacity of boards to understand and respond to the ever-expanding threat landscape has become a core part of our responsibility.

As usual, this month’s journal includes a host of other useful articles and, before I conclude, I would like to add my commendations for the new Giving Back column launching in this month’s CGj. This column will feature interviews with the unsung heroes of the Institute’s work. Our Institute has been very successful in maximising the impact of our initiatives by drawing on the knowledge and expertise of a wide network of individuals both inside and outside our membership. Whether as members of our Council, of our committees, panels and working groups, or external collaborators who have joined forces with us in our research and advocacy initiatives, these individuals make an invaluable contribution to the profession.

Our first interviewee for this new column needs no introduction to readers of this journal. For three decades, Edith Shih FCG(CS, CGP) HKFCG(CS, CGP)(PE) has held top leadership positions in our Institute both locally and globally, and has become one of the Institute’s best-known governance ambassadors. I am very happy to see our Institute and journal ‘giving back’ a small token of the credit and recognition she so rightly deserves.

David Simmonds FCG HKFCG
