Cyber Security Governance Principles

Friday, 21 October 2022

The AICD CSCRC Cyber Security Governance Principles provide a framework of practical better practice guidance to assist Australian directors oversee and engage with management on cyber security risk.


In recent years, AICD members have consistently provided feedback, including via the Director Sentiment Index, that while they are alive to the significant threat that is posed to their organisations by cyber security incidents, they at times lack the tools and knowledge to engage effectively with management.

The Principles will enable directors of all sizes of organisations to ask the right questions of management, spot red flags in how cyber security risk is being managed, promote a culture of cyber security resilience and prepare and respond effectively to significant cyber security incidents.

The Principles draw on the insight of senior Australian directors, cyber security advisors and government.

For SME and NFP directors there is a checklist of practical low-cost steps to enhance cyber security resilience. The AICD and CSCRC is committed to updating the Principles as the cyber security threat and regulatory landscape evolves.

Governing Through A Cyber Crisis

In February 2024 the AICD, in partnership with the CSCRC and Ashurst, published the resource Governing Through a Cyber Crisis. The guidance assists boards and directors with overseeing the effective response and recovery from a material cyber incident and emerge on the other side with a more cyber resilient organisation.  

Watch on demand now

To mark the release of the Principles, we hosted a panel discussion featuring John Mullen AO, Telstra Chair, Melinda Conrad FAICD, NED ASX, and Rachael Falk, CEO, CSCRC. You can watch the recording of the event here.

Latest research

This is of of your complimentary pieces of content

This is exclusive content.

You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.