Part of Cyber security guide for non-executive directors
What cyber security is
Defining cyber security
Cyber security is how individuals and organisations reduce the risk of cyber attacks.
Cyber security’s core function is to protect information from theft or damage and this is delivered through both protection of devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage.
It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.
National Cyber Security Centre, 2025
Cyber security is about protecting the confidentiality, integrity and availability of digital data, information and systems:
- Confidentiality: keep data private and limit access to authorised users.
- Integrity: ensure data accuracy and prevent unauthorised alterations.
- Availability: maintain access to data and systems when needed.
Information is the lifeblood of an organisation. With increasing automation and reliance on connected systems, a compromise in one area could impact the entire organisation and its patients. The increased dependency on digital technology to enable a broad, joined-up and sustainable healthcare system means that any technology failure or unavailability can be catastrophic.
Understand your strategies
- Is cyber security risk on the BAF (Board Assurance Framework)?
- What your key cyber security risks are and how they are being prioritised and mitigated
- Who is accountable for cyber security and who is responsible? Where are decisions made and recorded?
- Which data and systems you care about most and whether any risk assessments have been carried out
- What is your risk appetite and is it documented?
- Is it clear how the organisation maintains critical services and protects patient interests in the event of a prolonged cyber event?
Last edited: 15 July 2025 4:42 pm