Five questions for boards to ensure a cyber-safe organisation

Cyber attacks are a constant threat for businesses. However, the COVID-19 pandemic has heightened this threat even further and emphasised the importance of cyber security for directors.

The number of cyber security breaches in Australia rose 16% in the first half of 2020, compared to the same period last year, and COVID-19 has been a significant contributor to this rise.

To combat this, the Australian Government recently released its 2020 Cyber Security Strategy, which involves investing almost $2 billion over 10 years in a number of measures to shut down cyber-crime.

A successful cyber attack can have a variety of significant impacts on a business including financial loss, damage to equipment and reputational issues. Board members should recognise the serious nature of cyber security and understand it in order to protect their business.


What boards can do

It is important for all directors to assume responsibility for cyber security, not just those with a background in technology. All directors should try to understand as much as possible about technology and cyber security, especially if there is no cyber security expert on the board. Knowledge and education in cyber security will allow directors to have effective conversations with management to understand how potential cyber attacks are being prevented and work with them to develop a strategy.


Key questions for management

Boards should pose five key questions to management:

  1. What is going on in the company from a cyber security perspective?
  2. What is the cyber security strategy?
  3. What is the cyber security strategy in a disaster?
  4. How is the importance of cyber security communicated throughout the organisation?
  5. What reporting is being delivered to the board?

Even the best technology in the world will not prevent a cyber attack if those within the organisation are doing things that allow for attacks. Directors should ensure that cyber security is taken seriously by management and that employees are regularly educated and trained in how to decrease the chances of a breach.


Protecting an organisation from cyber risks is everyone’s role within the business. Improving cyber security is a journey which requires building the right culture, adapting business processes to address digital risks and applying the right levels of controls in response to the threats faced by businesses.


AFS can assist your board to assess your organisation's risk exposure and advise on the most efficient and effective mitigation strategies to reduce the risk of a cyber-attack. We can help you implement strategies to ensure a rapid response if you are the victim of, or targeted by, a cyber-attack.


If you would like to discuss putting some processes in place to ensure your business is cyber safe, please give us a call on 03 5443 0344.


Source: Australian Institute of Company Directors