Navigating Cybersecurity: Essential Guidance for Company Directors

Damien Cantelo
December 7, 2023

In today's digital age, company directors face increasing challenges in cybersecurity management. Recent statements from ASIC and the Australian Institute of Company Directors (AICD) highlight the critical need for directors to act with diligence in this arena. This article explores the essential steps and responsibilities directors must undertake to safeguard their organizations against cyber threats.

Regulatory Compliance and ASIC's Warning

ASIC chair Joe Longo's recent statements underscore the legal implications for directors who neglect cyber risk management. Longo emphasizes that cybersecurity should not be a peripheral concern but a central aspect of a director's duties. Directors failing to integrate cyber risk management into their oversight responsibilities may face enforcement action, highlighting the significance of cybersecurity in the corporate governance landscape.

The AICD's Cyber Security Governance Principles

The Australian Institute of Company Directors (AICD) reinforces the importance of comprehensive cybersecurity governance. Their principles serve as a critical guide for board members, urging them to incorporate robust cyber risk management strategies into their governance practices. These principles are not only a blueprint for minimising cyber risks but also a directive for maintaining regulatory compliance and enhancing organisational resilience.

Practical Steps for Directors

Andy Penn, chair of the federal government's Cyber Industry Advisory Committee, emphasises actionable steps for directors. Understanding what data is held and having a clear inventory of IT systems are pivotal. He advocates for a well-formulated response plan to address data breaches and system hacks. This practical approach focuses on an inventory of systems and data sets, paired with a proactive recovery plan, ensuring directors are equipped to mitigate cyber risks effectively.

  1. Data Awareness: Know the types of data held by the organisation.
  2. System Inventory: Maintain a comprehensive inventory of IT systems.
  3. Upgrade Planning: Develop plans for systematic upgrades.
  4. Breach Response Planning: Have a strategy for managing and recovering from data breaches.
  5. Repair and Recovery: Understand how to repair systems post-hack.

National Cyber Security Strategy

The 2023-2030 Australian Cyber Security Strategy aims to establish Australia as a global leader in cybersecurity. The strategy, developed with inputs from industry experts like Andy Penn and Air Marshal Mel Hupfeld, seeks to bolster national cyber resilience. The AICD's contribution to this strategy underscores their commitment to shaping a robust cybersecurity landscape. This strategic initiative reflects a comprehensive national effort to enhance cyber security and resilience across various sectors.

AICD’s Role and Training for Directors

The AICD has played a significant role in shaping the cybersecurity landscape for directors. By participating in the development of the National Cyber Security Strategy and hosting discussions on cyber governance, they emphasise the importance of informed leadership in cybersecurity. Additionally, the AICD offers a specialised course titled "The Board’s Role in Cyber," which is designed to equip directors with the knowledge and tools necessary to develop effective cyber resilience strategies.

Call to Action for Company Directors

Directors must proactively engage with their cyber responsibilities to safeguard their organisations. Apollo Secure offers support in this domain, providing discussions and a free cyber assessment. Directors are encouraged to reach out to better understand their obligations and to bolster their company's cyber defenses.


The landscape of cybersecurity is evolving rapidly, and directors play a crucial role in steering their organisations safely through these changes. By understanding and implementing these principles and practices, directors can significantly enhance their organisation's cyber resilience.

Additional Resources:

Related Blogs