At the end of last year, I had the pleasure of being one of the panellists for Women on Boards' final module of their Security Risk and Risk Management for Boards program. One of the questions I was asked there, and continue to be asked by boards, is: what should organisations be doing to ensure they have a robust security program in place to prevent a cyber incident or, at the very least, prepare the organisation for one?
Before I begin to answer this question, it is important to note that building an organisation’s cyber resilience and governing for cyber risks forms part of a director’s existing fiduciary duties imposed under both common law and the Corporations Act.
With the increasing number of breaches and cyber incidents hitting Australian organisations, several resources have been created to help boards navigate the cybersecurity realm. The two documents that stand out for me are the Australian Cyber Security Centre (ACSC) Questions for Boards to Ask About Cyber Security, and the Cyber Security Governance Principles published by the Australian Institute of Company Directors (AICD) in partnership with the Cyber Security Cooperative Research Centre (CSCRC).
I have written a summary of both publications, with commentary and input based on my own experience. In it I outline why it is important for any organisation to implement a cyber strategy that is overseen by the board, and why understanding your organisation's cyber maturity is key.
I also discuss the importance of developing a culture of cyber resilience across the board and the organisation, and of embedding cybersecurity in existing risk management practices.
You can read the article in full HERE.
WOBMeets | Cybersecurity - are you aware of your obligations?
Hear what boards should be doing and the questions you should be asking to ensure you have reasonable oversight over the cyber risks your organisation faces.
When: Adelaide, 21 Feb | Perth, 21 Feb | Brisbane, 22 Feb | Melbourne, 22 Feb | Sydney, 23 Feb | Central Coast, 2 March | Canberra, 21 March