No captionThe second biennial Directors\u2019 Risk Survey by Marsh and the Institute of Directors (IoD), finds technological disruption and cybersecurity are now top issues across New Zealand boardrooms.Cyber was ranked number two this year, which clearly shows how much things have changed on the technology front over the last 24 months,the report states. In 2013, cyber was ranked as the number two emerging risk and did not feature as a key external risk.\u201cDirectors need to approach cybersecurity as a whole of business issue,\u201d says IoD CEO Simon Arcus.\u201cThe board\u2019s role in technology governance is about leadership in this new era \u2013 put cybersecurity on the agenda before it becomes the agenda,\u201d he tells CIO New Zealand. \u201cIt is also important for directors to ensure its board has the skills and experience to ask management, CIOs, CDO or technology teams the right questions to ensure confidence in the organisation\u2019s resilience.\u201dThe survey, designed to gauge directors\u2019 views on a wide range of risk issues, was conducted in November 2015 with 526 IoD members as respondentsArcus says cybersecurity and digital strategy were on the minds of directors in an unprecedented way. \u201cMost businesses use or rely on technology to operate \u2013 cyber risk is a reality of our times \u2013 so the ability of boards to consider it as part of enterprise risk is critical in ensuring directors are confident about business resilience.\u201dThe report notes how the recent Ashley Madison data breach and the attack on Sony in the US prove that these risks are real.\u201cCyber risk does not have borders and does not discriminate. Whether it is a business, from SMEs to large corporates, or a government department all have felt the wrath of cyber attacks.\u201dSimon Arcus of Institute of DirectorsCyber risk is a reality of our times \u2013 so the ability of boards to consider it as part of enterprise risk is critical in ensuring directors are confident about business resilience.Simon Arcus, IoDOver a quarter - 27.8 per cent - of directors said that they did not have a procedure in place to manage this risk. With the prevalence of cyber attacks both locally and across the globe it is imperative to have plans in place to manage this risk and the consequences.Directors not only need to consider the risks to their own business but also that of their business partners and suppliers, the report stresses. Suppliers can be used as a \u201cback door\u201d to get into a larger, more high profile organisation. \u201cAttackers often identify smaller business partners that are typically less well protected to get to a bigger target.\u201dArcus says it is encouraging going into a New Year that risk remains a common conversation at the board table. \u201cManagement of risk \u2013 is critical to a board providing strategic leadership and creating value. Risks change and evolve and the need to stay current is emphasised by this report,\u201d says Arcus. \u201cTechnology is an integral part of business capability and boards need to take responsibility to be able to lead in this new era.\u201dTechnological disruption continues to be a prominent business risk, with cyber-risk emerging as a key external risk for the first time. Most directors (56.1 per cent ) believe risk is increasing in today\u2019s business environment, with 74.5 per cent of directors saying their boards are spending more time discussing risk management than they were two years ago.Most directors are confident that they could handle a major IT disruption with 90.6 per cent saying they have a procedure in place to manage, although just 19.4 per cent can manage data loss and even more 35.2 per cent are not able to keep up with technological advances.Steve Walsh, Marsh executive director, says the ranking of cyber risk in this year\u2019s survey to the second highest organisational risk, shows how things have changed in 24 months. \u201cTechnology is such a critical part of any organisation\u2019s operation that it can be very detrimental if it fails or if you can\u2019t keep up with the competition.\u201d He says boards must address technology issues as part of their regular risk reviews. \u201cAny organisation that doesn\u2019t have strategies in place to deal with these issues, such as cyber, is leaving themselves hugely exposed.\u201d Related: We must be cognisant that the bad guy is agnostic of any hierarchy. Information security is a cultural and organisational issue \u2013 not a technical one. Every major breach in the world has confirmed this. - Victor Vae'au, NZ Defence Force CIOSend news tips and comments to firstname.lastname@example.orgFollow Divina Paredes on Twitter: @divinapClick here to\nread digital editions of CIO\nNew ZealandSign up for CIO newsletters for regular updates on CIO news, views and events.Join us on Facebook.Join the CIO New Zealand group on LinkedIn.\nThe group is open to CIOs, IT Directors, CDOs, COOs, CTOs and senior IT\nmanagers.