Directors' 'critical role' in cyber security with launch of new governance principles


Recent cyber incidents at Optus and Medibank are a timely reminder of the importance of cyber security, and the need for boards to have clear guidance on how to best protect their organisation’s data, and most importantly the data of their customers and clients.


In the wake of these attacks, and in an Australian first, the Australian Institute of Company Directors (AICD) and the Cyber Security Cooperative Research Centre (CSCRC) have released a new set of governance principles to help organisations strengthen their cyber security.

The Cyber Security Governance Principles, released on October 21, provide a practical framework for effective board oversight across five key areas:

  •  Roles and responsibilities
  •  Cyber strategy development and evolution
  •  Incorporating cyber into risk management
  •  Building a cyber resilient culture
  •  Preparing and responding to a significant cyber incident

The guidelines come as the government announced it plans to increase fines imposed on companies engaged in serious or repeated privacy breaches to at least $50 million.

The federal government believes the current $2.2 million fine is insufficient after recent cyber-attacks and Attorney-General Mark Dreyfus is set to fast-track amendments to the Privacy Act.

Minister for Cyber Security, Clare O’Neil said: “Building our nation’s cyber resilience is crucial. This will require a huge collective effort across government and industry, with company directors having a critical role to play. These Principles provide a clear picture of cyber security best practice for organisations across the whole economy.”

AICD Managing Director & CEO Mark Rigotti MAICD said: “We are delighted to be releasing these Principles with the CSCRC. Cyber security is a crucial area for boards and we know they are looking for as much support as possible. Building cyber resilience within organisations is ultimately about building resilience across the nation as well as capacity within our teams and organisations.”

Cyber Security Cooperative Research Centre CEO Rachael Falk MAICD said: “Companies must expect to be attacked and the worst thing any organisation can do in this current environment is to proceed with a false sense of security. This is a core risk that has to be incorporated into the everyday business of running any organisation.”

The Principles have been informed by extensive consultation with government, industry experts and the director community.

 Download the Cyber Security Governance Principles document HERE

Join the WOB/McGrathNicol Security Risk webinar on Cyber Security

In the wake of the Optus and Medicare cyber-attacks, it's more important than ever before that Boards evaluate their exposure and the increasing range of security risks.

To find out what you and your board can do to protect against cyber attacks, join the second session of our Security Risks program, which this week will focus on cyber security risk management.

Don’t worry if you missed the first session. This is available to download and watch online. 

Register HERE

Note: WOB programs and workshops can count towards your AICD DPD points.
