“With the digitisation of everything, rising surveillance capitalism, intensive national security monitoring and large intelligence gathering activities, organisational boards worldwide have moved beyond seeing privacy as just a compliance line item”
(Australian Institute of Company Directors: The New Governance of Data and Privacy)

Boards need to be considering where Cyber Risk (and Opportunity) sits within their organisations. How do new data-driven business models and value-chains enhance, or threaten, what they are doing? APRA CPS 234 has lifted the game by tasking Boards with accountability for Cyber Risk management – ensuring capabilities commensurate with the threat. Cyber Risk is fast becoming a whole of business problem, not just an IT problem. Boards should consider their Cyber liabilities as seriously as the consider their financial liabilities. Equally, there is no substitute for improving cyber resilience and communicating the business impacts to the business stakeholders. It is a business problem requiring a transformation of corporate security culture. Organisations should beware of the temptation to bury the problem under cyber insurance, or delegate to their IT department. 

Recommended Reading:

  • “Cyber Risk Leaders” (Shamane Tan) – discusses leadership and influence in the Cyber Age, offering advice from battle-hardened CISOs in Australia and from around the world: https://www.mysecuritymarketplace.com/product/shamane-tan-apac-executive-advisor-privasec/
  • One in five CISOs are now reporting directly to the CEO: https://www.linkedin.com/posts/wandenny_itwire-business-leaders-focus-on-rising-activity-6565048588701843456-19lo

  • Cyber insurance is not a panacea for managing cyber risk: https://www.linkedin.com/posts/wandenny_demand-for-cyber-insurance-grows-as-volatility-activity-6564706912934469632-NkDe