BOARD CYBER ADVISORY

Be Cyber Secure: Board Cyber Advisory Service

In the wake of recent cyber security breaches in Australia and elsewhere around the world, the role of Board Education and Cyber Advisory services has never been more critical. The increasing frequency and severity of these incidents have highlighted the vulnerability of companies to cyber threats and the profound impact they can have on a company’s reputation and financial stability. The decision-making of their Boards has also been publicly scrutinised.

"Directors have a critical role to play and must seek to lift their own cyber literacy levels, recognising that this is a key risk that can never be eliminated but can be effectively managed."
Hon Clare O’Neil MP, Former Minister for Home Affairs and Minister for Cyber Security

Existing obligations and regulatory requirements

Governing for cyber risks and building an organisation’s cyber resilience forms part of directors’ existing fiduciary duties owed to the company under both common law and the Corporations Act 2001 (Cth) (Corporations Act).

  • Duty to act with care and diligence: Includes ensuring appropriate systems are in place to bolster cyber resilience, as well as prevent and respond to cyber incidents
  • Duty to act in good faith and in the best interests of the corporation:  In making decisions on cyber security on behalf of the company, directors must consider the impact of those decisions on shareholders/members and stakeholders.
  • Reliance on information and advice provided by others: Just because a director does not have specialist knowledge about cyber security does not mean that the director’s standard of care is reduced, and does not absolve directors of their accountability for decision-making.
  • Duty to advise the market where there is an effect on a company’s share price: Directors must advise the market immediately if the company becomes aware of any information that would have a material effect (positive or negative) on the company’s share price. In the cyber context, this might apply in the event of customer data loss as a result of a significant cyber incident. This type of event may also expose a company and/or its directors to the risk of a class action.
  • Other statutory obligations: Directors of entities that hold an Australian Financial Services Licence (AFSL) are also subject to general and specific obligations under the Corporations Act. APRA-regulated entities are also subject to extensive prudential obligations relevant to cyber security risk.

Introducing Board Cyber Advisory Service by Insicon

Our Board Cyber Advisory Service empowers directors with the knowledge and resources they need to effectively prepare for, and govern through, cyber crises.

This service is highly complementary to the Cyber Security Governance Principles, crafted by the Australian Institute of Company Directors (AICD). The Principles offer a hands-on guide designed to empower Australian directors to confidently navigate and engage with their management teams on cyber security risks. This initiative stems from feedback from members who recognise the substantial threats cyber incidents pose to their organisations but sometimes find themselves without the right tools or understanding to effectively collaborate with management.

Yet to an uneducated Board, these Principles can seem overwhelming - and that's where Insicon can assist to ensure your board is prepared, informed, and confident in its decision-making.


Size Makes Little Difference

Cyber security threats are a constant concern for organisations of all sizes. All organisations can be susceptible to a single attack which can disrupt operations, compromise sensitive data, and permanently damage your reputation.

"Cyber risk is relative to all organisations. Being aware, being cyber aware, is absolutely critical to all organisations, small to large."
Matt Miller, Insicon

In May 2024, the AICD published 'A Cyber Security Handbook for Small Business and NFP Directors', a joint initiative with the Australian Information Security Association, as a resource to assist the directors of SMEs and NFPs to enhance the cyber security posture of these businesses without introducing unnecessary complexity or operational burden. The handbook sets out five practical steps:

  1. Set clear roles and responsibilities
  2. Develop, implement and evolve a comprehensive cyber strategy
  3. Embed cyber security in existing risk management practices
  4. Promote a culture of cyber resilience
  5. Plan for a significant cyber security incident

Why Choose Insicon for Board Cyber Advisory?

Expertise You Can Trust: Our team of cyber security professionals has extensive experience in cyber threats, implementing best practices for cyber security governance, and crisis management. We translate complex concepts into actionable steps aligned with the AICD's recommendations.

Proactive Preparation is Key: We don't wait for a crisis to strike. We'll work with your team to conduct scenario planning, assess vulnerabilities, and ensure your incident response plan is robust and up-to-date.

Comprehensive Support: We offer a wide range of services, including:

  • Scenario Planning and Readiness Assessments
  • Cyber Security Awareness Training for Your Employees
  • Crisis Management Support Throughout All Phases: Response, Recovery, and Remediation
  • Ongoing Guidance and Expertise as Your Trusted Cyber Security Advisor with our CISO as a Service solution

Building Board Confidence: We equip your board with the knowledge and tools needed to fulfil their duty of care regarding cyber risks.

Benefits of Insicon's Board Cyber Advisory Service:

Reduced Risk of Cyber Incidents: Proactive preparation and a strong incident response plan minimise the impact of potential attacks.

Enhanced Board Oversight: Directors gain a clear understanding of cyber threats and their role in mitigating them.

Improved Crisis Management: Clear communication and decisive leadership ensure a timely and effective response to cyber incidents.

Stronger Stakeholder Trust: Proactive cyber risk management demonstrates your commitment to protecting sensitive data and customer information.

Next Steps:

Don't wait for a cyber crisis to test your organisation's preparedness. Contact Insicon today to schedule an initial consultation and learn how our Board Cyber Advisory Service can empower your board to lead with confidence in the face of cyber threats. Our services are tailored to address the specific needs of your organisation, ensuring that you are not only compliant with the latest regulations like ISO 27001, but also equipped to handle the evolving cyber threats. Let us help you maintain the integrity and trustworthiness of your company in the digital age.