World-first guidance to help Australian directors govern through a cyber crisis

Wednesday, 28 February 2024


New world-first guidance will help Australian directors navigate the complex ramifications of a significant cyber incident.


Governing Through a Cyber Crisis: Cyber Incident Response and Recovery for Australian Directors (the guidance), a collaboration between the Australian Institute of Company Directors (AICD), the Cyber Security Cooperative Research Centre (CSCRC) and leading corporate law firm Ashurst, presents a blueprint to help directors prepare for and respond to serious cyber incidents.

Based around the ‘four Rs’ – Readiness, Response, Recovery and Remediation – the guidance covers the most vexing issues directors will face in a cyber crisis, from developing a cyber incident readiness plan and executing an effective crisis communications strategy to deciding whether or not to make a ransom payment and taking the road to rebuilding reputation.

Minister for Cyber Security, Clare O’Neil, said business leaders, boards and directors have important obligations to protect their organisations and customers from cyber risks.

“Australians rightly expect businesses to take cyber security seriously. The explosion of cyber incidents over the past two years has shown that we cannot be complacent on cyber. All Australian organisations need to embrace better cyber governance from the board down.

“This guidebook directly supports Action 5 of the Strategy by providing detailed guidance to corporate leaders on cyber preparation, response and recovery. I commend this guidance to Australian organisations of all sizes and encourage leaders to embed these principles into how they do business.”

AICD Managing Director & CEO Mark Rigotti said cyber security was at the forefront of contemporary governance for Australian directors: “Boards have a key governance role to play in dealing with increasing cyber threat. Cyber security is consistently the number one thing keeping directors awake at night and this resource will put them in a stronger position to navigate the challenges posed by cyber risks.”

CSCRC CEO Rachael Falk said the guidance was essential in the face of ever-increasing cyber risks: “Digital systems form the backbone of almost every organisation and, in the event of a significant cyber incident, operations can be crippled. This has huge ramifications – financial, operational and reputational. This guidance will help Australian directors prepare for and navigate these complexities and, hopefully, help build the cyber resilience of Australian organisations.”

Ashurst Risk Advisory partner John Macpherson said: "It's crucial that boards focus on their customer or client base when dealing with cyber risk. In our advice to boards, we have found a customer-centric approach is the best way to manage other related risks ranging from data security to reputation and will also assist a company in preparing for regulatory investigations."

The guidance has been informed by engagement with senior directors who have governed through significant cyber crises and builds on the 2022 AICD/CSCRC Cyber Security Governance Principles.


Media contact: Jane Braslin 0439 167 567
