The Australian Institute of Company Directors (AICD), the Cyber Security Cooperative Research Centre and law firm Ashurst have created a 62-page Blueprint to “support directors prepare for and respond to serious cyber incidents.”
Governing Through a Cyber Crisis: Cyber Incident Response and Recovery for Australian Directors (the guidance) is a collaboration between the Australian Institute of Company Directors (AICD), the Cyber Security Cooperative Research Centre (CSCRC) and global corporate law firm Ashurst. The organisations have presented a blueprint to help directors prepare for and respond to serious cyber incidents.
Based around the ‘four Rs’ – Readiness, Response, Recovery and Remediation – the guidance covers the most vexing issues directors will face in a cyber crisis, from the development of a cyber incident readiness plan, execution of an effective crisis communications strategy, whether or not to make a ransom payment and the road to rebuilding reputation.
The 62-page guide can be downloaded here, and the 4-page snapshot can be downloaded here, too.
Of course, to say this is a true “world-first” isn’t quite true – Peter Coroneos, founder of Cybermindz.org, is the co-author of a publication titled the “Cyber Breach Communications Playbook”.
There’s also the issue of mental wellness in cyber security, with human error a big factor in breaches these days.
Minister for Cyber Security, Clare O’Neil, said business leaders, boards and directors have important obligations to protect their organisations and customers from cyber risks.
“Australians rightly expect businesses to take cyber security seriously. The explosion of cyber incidents over the past two years has shown that we cannot be complacent on cyber. All Australian organisations need to embrace better cyber governance from the board down.
“This guidebook directly supports Action 5 of the Strategy by providing detailed guidance to corporate leaders on cyber preparation, response and recovery. I commend this guidance to Australian organisations of all sizes and encourage leaders to embed these principles into how they do business.”
AICD Managing Director & CEO Mark Rigotti said cyber security was at the forefront of contemporary governance for Australian directors: “Boards have a key governance role to play in dealing with increasing cyber threat. Cyber security is consistently the number one thing keeping directors awake at night and this resource will put them in a stronger position to navigate the challenges posed by cyber risks.”
CSCRC CEO Rachael Falk said the guidance was essential in the face of ever-increasing cyber risks: “Digital systems form the backbone of almost every organisation and, in the event of a significant cyber incident, operations can be crippled. This has huge ramifications – financial, operational and reputational. This guidance will help Australian directors prepare for and navigate these complexities and, hopefully, help build the cyber resilience of Australian organisations.”
Ashurst Risk Advisory partner John Macpherson said: “It’s crucial that boards focus on their customer or client base when dealing with cyber risk. In our advice to boards, we have found a customer-centric approach is the best way to manage other related risks ranging from data security to reputation and will also assist a company in preparing for regulatory investigations.”
The guidance has been informed by engagement with senior directors who have governed through significant cyber crises and builds on the 2022 AICD/CSCRC Cyber Security Governance Principles.