The ICC task force on cyber-security, comprising experts from IT to the banking sectors, has compiled a cyber-security guide for business.

“It is there to facilitate the dialogue between company owners, executives, and IT experts,” says Elizabeth Thomas-Raynaud, senior policy manager, ICC commission on digital economy, speaking at the 9th World Congress Chambers in Turin.

As the guide indicates, “if something of value is online, it is at risk, and is likely compromised,” yet protecting a business from security breaches is not necessarily a complex or difficult task. “35% of breaches are avoidable, very basic people errors,” including not changing the password often enough and not making it secure enough, according to Thomas-Raynaud, who adds that it is necessary that the leadership commits resources to support and install a resilient mindset.

Along with offering a self-assessment security form, the guide presents five key security principles and a list of potential actions that should be taken as basic starting points. Cyber security insurance can also represent an “important option” says Thomas-Raynaud, because the audit and analysis required to access insurance is a useful evaluation process for a business. Yet, she adds, relying on insurance protection can be dangerous, as businesses need to be proactive about cyber security management.

The guide will be distributed through ICC’s global network of national committees, member companies, business association and chambers of commerce via the ICC World Chambers Federation spanning over 130 countries, and it is online, with translations available, at The ICC is also currently look into offering training in the field.

Understanding cyber-security is all the more important that, according to a note published by Marsh this Thursday (June 8), many jurisdictions place that responsibility on company directors and officers, who could be held personally liable in the event of a cyber-attack.

Beth Thurston, head of management liability, financial and professional practice at the insurance firm, says: “Management boards should develop cyber-strategies that take these legal obligations into account. However, it is clear from recent high-profile cases that such strategies must be more than a box-ticking exercise – the management of cyber-risk now needs to be an intrinsic part of day-to-day life for management boards.”