In a cyber incident, your leadership is your strongest defence.
Presented by Wotton Kearney
We unpack five practical actions directors can take today to reduce legal and reputational risk when a cyber attack hits.
Cyber threats are increasingly sophisticated and frequent, so organisations must be prepared to respond, not just with technical expertise but with clear decisive leadership.
Cyber is not just an IT problem — it’s a business crisis that impacts brand reputation, stakeholder trust and operational continuity with ever-increasing legal exposure.
During a cyber attack, meeting customer expectations while protecting the interests of the business is challenging, and customer experience needs to be front and centre. How customers experience an incident directly affects the reputational harm the organisation suffers and influences the level of regulator scrutiny.
Regulators are sharply focused on what was in place before the incident to protect customers from exposure, not simply on the fact that the incident occurred. What security posture did the company take? Could it have been better? What controls protected customer data? Did the company retain more data than it needed, increasing its exposure beyond what was necessary?
Wotton Kearney has been involved in hundreds of incidents and is often asked: what is the board's role in a cyber incident, and what practical steps can directors take to mitigate reputational and legal risk?
Here are the top five actions you can take now to ensure you are prepared for any incident:
1. Ensure your incident response plan clearly assigns roles across the executive and the crisis management committee, and spells out which decisions require board approval and the process for obtaining that approval.
2. Nominate a board representative to be the board’s eyes and ears during an incident. Too many cooks in the kitchen slow the decision-making process.
3. Test the incident response plan by conducting multiple tabletop scenarios to ensure it is fit for purpose. Does it work? Does everyone from the board to the executive know their role?
4. Know what security controls are in place to protect the most sensitive data. If they are not adequate, then do something about it. Regularly evaluate whether you still need the data you hold and delete what you don’t. Are vendors and partners held to the same cybersecurity standards?
5. Have well-established vendor relationships in place including cybersecurity forensic vendors, lawyers, incident response managers and crisis communication experts. Use the experience of these experts to guide you. Don’t take on these functions internally — obtain objective and experienced help.