Cybersecurity is not something that is traditionally thought to be at the top of a company director’s list of responsibilities but company directors are increasingly playing a role in the prevention of cyberattacks. With the high profile Optus data breach impacting customers all across Australia, the spotlight on cybersecurity more than ever. In fact, the importance of cybersecurity is now gaining enough traction that ASIC now considers one of the main duties of a director as ensuring cyber resilience for an organisation.
Board members should have an understanding of what they can do to improve the organisation from a security standpoint. A big part of this is ensuring your organisation is compliant with necessary legal obligations such as those laid out by the Privacy Act and the mandatory notifiable data breach scheme. You are now expected to
This includes ensuring your company is adequately equipped to handle incidents when they occur. Who will be notified? How will it be remediated? What is the damage?
A breach can have significant damage to not just your cyber resources and data but your company reputation. A data breach can cause fear and uncertainty among your clients, board members and shareholders. Due to this it is important that your business has cyber insurance is important to cover your costs in the case of a breach to handle the fallout of a breach.
Going forward – cybersecurity is increasingly creeping into a director’s role and responsibilities to ensuring your organisation is cyber-ready is the key to success.
As more and more large-scale companies are faced with high profile cyber-attacks, this is becoming increasingly important. Not only will you need to work to ensure that you have all the necessary technological controls in place to prevent a cyber-attack, you will need to have a plan in place to be able to manage stakeholders in the event a breach occurs.