7 Questions directors should ask about cyber and data security. My summary notes following the AICD Australian Governance Summit 2023 session on Cyber Security that asked “Does your Board have the right safeguards in place”.

For the fifth year in a row, cyber threats rank among the top three hazards in the AXA Future Risks Report 2022. Since 2018, cyber security threats have been among the top three expert-ranked risks, trailing only climate change and geopolitical instability in this year's report.

Recent cyber breaches on firms such as the Medibank Cyber Breach and Optus attack serve as a reminder of the importance of cybersecurity and the need for businesses to take precautions against such threats. Boards cannot claim a lack of awareness of the risk to their organisations given the frequency with which data breaches and cyberattacks are revealed. As a result, directors must have a broad understanding of cybersecurity risk and what it means for their oversight responsibilities, as cybersecurity has evolved into a risk that must be addressed as part of a larger enterprise-wide risk management framework rather than as a distinct issue.

Every business needs to gather, process, access, communicate, report, and keep information safe. Information technology is a key part of doing all of these things. So, keeping an eye on information technology is important for good corporate governance.

Building cyber resilience entails putting in place a variety of safeguards and processes to prevent against and respond to cyber threats and assaults. Measures you can take to build resilience in your organisation include