Risk is part of doing business. Investing in a new mining facility or launching into a new vertical – in fact, almost every strategic decision by an organisation – carries a degree of risk. It is understood, assessed and weighed up against potential outcomes before a decision is made.
Why then is cybersecurity’s role in positive business outcomes still not widely or well understood in Australian boardrooms?
Every day we hear about businesses and government agencies being breached, often to a quite staggering degree. Now, we don’t often know the full story or extent of the problem until later down the line – sometimes years later. But the very fact that critical data and assets are constantly compromised tells us that a key aspect of the business hasn’t been properly risk assessed.
This is not an issue unique to Australia; it’s prevalent globally. In fairness, there are some attacks that could not have been prevented.
What we are learning from the US Senate’s select committee on intelligence on last year’s attack on SolarWinds is that the degree of resources and hacker innovation can be overwhelming even for the best prepared organisation. Microsoft President Brad Smith estimated in testimony during the hearing that at least 1,000 skilled engineers were part of the attackers’ resource pool.
But this is an exception. Most cyber attacks can be prevented from causing severe damage to an organisation. Their mitigation is, in part, down to how digital or cyber risk is understood at the executive level.
The level of understanding around this area would be less concerning if digital wasn’t an essential building block of so many key business initiatives. But it is key to so much. Huge focus and large investments are being made in digital transformation initiatives. Businesses are becoming more reliant on digital technologies to accelerate the pace of innovation, gain a leg up on the competition and improve business performance…