Cyber security can and should be managed as a business risk like any other. We can provide the appropriate context and messaging to help boards make informed decisions about cyber security.
Boards increasingly recognise cyber security as a potentially existential threat. In addition, regulatory changes are beginning to make them legally accountable for the effectiveness of their organisation’s cyber security arrangements. This type of accountability is already in place for the financial services sector and the most recent Australian Cyber Security Strategy 2020 makes it clear that more industries will follow suit.
A key challenge for many organisations is addressing the gap between understanding cyber security risks at the board level with the inherently technical nature of cyber risk. High-level risk discussions tend to lack a sufficiently detailed understanding of the threats and vulnerabilities, and technical stakeholders often struggle to put their concerns into the appropriate business context.
As proficient translators between business and highly technical stakeholders, solving exactly these types of problems has been some of our most satisfying work. We can help Boards understand what they need to know about their organisation’s cyber security in order to make confident and informed decisions.