The AICD is releasing important new Cyber Security Governance Principles to support directors and boards, writes Louise Petschler GAICD. Peak AGM season is also here, with an anticipated focus on climate issues and executive remuneration.
Cyber governance and cyber risk are top-of-mind concerns for directors across all sectors of the community.
In our most recent Director Sentiment Index surveys, Australian directors rated cybersecurity as the top issue “keeping directors awake at night”.
To support directors in this complex area, the AICD is releasing new cyber security governance principles (see the AICD LinkedIn page for details on the complimentary LinkedIn Live event on 24 October).
The AICD has partnered with the Cyber Security Cooperative Research Centre to develop these new, practical principles. Our aim is to fill a gap in practical guidance for directors on the governance of cybersecurity risks, reflecting the independent role of the board (distinct from management or technical experts).
The AICD/CSCRC Cyber Security Governance Principles will support directors in challenging management, identifying governance red flags in cybersecurity approaches, and promoting a more consistent and informed approach to cybersecurity governance.
The principles have been developed after extensive consultation with directors, government, regulators and cybersecurity experts. They include case studies from Australian boards and insights from senior directors. The case studies offer personal reflections from experienced directors on better practice in cybersecurity governance, and strategies to promote a cyber-resilient culture from the boardroom down.
Specific guidance for directors of small-medium enterprises (SMEs) and not-for-profits (NFPs) is also included.
The Cyber Governance Principles are an initiative under our Governance & Policy Leadership focus on increasing contemporary practice support for members.
Cybersecurity and its governance is also a priority for governments and regulators. As David Gonski AC FAICDLife noted in the 2022 NSW Supreme Court Bathurst lecture (see the September 2022 edition of Company Director), the current regulatory framework is fragmented and complex. Organisations face multiple regulators, sector-specific rules and conduct regulations, a tightening cyber insurance market and escalating threats across a range of cyber risk areas.
The AICD is continuing to engage with government, including the Department of Home Affairs, on proposals for a voluntary cyber governance standard.
In our view, the AICD Cyber Security Governance Principles may fill this gap, providing a practical governance framework informed by best practice. The federal government’s Cyber Security Industry Advisory Committee released its 2022 annual report in late August, outlining the heightened threat of cybercrime in Australia, and the need for better regulation, cyber skills and governance.
AICD’s FY23 regulatory priorities
The AICD board recently endorsed top-level regulatory priorities for FY23. These include:
- Cybersecurity: Lifting cyber resilience across the economy is a national security, economic and legislative challenge. The AICD is calling for a coordinated policy approach that supports boards’ risk oversight and promotes a genuine partnership between government and the private sector.
- Market disclosure: Important continuous disclosure reforms passed in 2021 are up for review next year. The AICD wishes to see these amendments — which brought greater balance to liability settings and helped to improve the D&O market — retained.
- Sustainability standards: Australian directors could soon see the biggest change to corporate reporting in a generation. The government has committed to introducing mandatory climate reporting for large businesses, and a harmonised global standard for sustainability reporting is in development. Any phase-in of International Sustainability Standards Board standards must recognise the uplift in practice required and the need for policy settings that encourage good-faith adoption over a focus on legal liability (in Australia, securities class action) risks.
- NFP regulation: With the Assistant Minister for Competition, Charities and Treasury Andrew Leigh taking on a dedicated charities portfolio, the AICD is hoping to see progress on overdue reform in NFP regulation. Fixing fundraising laws is a priority. With many recommendations from the 2018 ACNC Review yet to be actioned, there will be many areas of governance focus, including recommendations relating to director duties for charities.

The AICD will update members on progress on these priorities, and significant governance reforms and regulations, throughout the year.
AGM peak season approaches
Rolling out in-person and online, the primary 2022 AGM season is underway. Having had more experience with virtual and hybrid meetings because of COVID-19 restrictions, investors will have high expectations of effective participation, with the chair playing an increasingly important role.
In collaboration with the Governance Institute, Law Council of Australia and the Australasian Investor Relations Association, earlier this year the AICD issued guidance on convening and hosting virtual and hybrid AGMs.
The Governance Institute has also recently updated its handy AGM resource for company secretaries and chairs.
Climate change will continue to dominate AGMs, with “say on climate” and activist focus on expanded net-zero plans and disclosure. However, the spotlight on ESG issues at AGMs extends beyond climate, with shareholders demanding company responses on sustainability issues more broadly. Executive remuneration will also dominate AGM and media commentary, on quantum, structure and exercise of board discretion.
Director workload, board gender diversity and director involvement in companies that are perceived to have suffered governance failures or corporate misconduct will remain considerations in director elections. The trend towards increasing “votes against” re-standing directors is expected to continue — global proxy advice firm CGI Glass Lewis estimates that 2021 saw a 25 per cent increase in protest votes for ASX 300 director elections.
Practice resources — supporting good governance
The AICD supports directors with guidance on governance practice issues, including:
- Directors’ best interests duty in practice
- NFP Good Governance Principles
- Ethics in the Boardroom: Developed with the Ethics Centre, this guide provides a framework to support ethical decision-making practices
- Effective Board Minutes