Executing Director responsibilities for non Financial risk can be challenging. Keeping up with regulatory change is even more so. ASIC has long maintained a high focus on Cyber security risk and recently called for greater organisational vigilance to combat cyber threats.

In Australia alone, there are planned reforms to the Privacy Act, updates to Security of Critical Infrastructure (SOCI), recent changes to the Essential 8, the introduction of CPS 230 for operational risk management and changes to mandatory reporting. If Cyber security is not your specialisation, how can you keep up?

Even if you understand your regulatory obligations, it doesn't mean you are secure, it just means you have the basics covered.

Given all the risks you need to be across, and with Cyber security being such a profoundly technical focus area, how can you know you are getting it right? For all but the most prominent organisations, employing a Chief Information Security Officer is not feasible, so the responsibility is passed to an already overworked senior security engineer, or worse still, no one at all. And if your technology is outsourced, how do you know your provider gives you the security you need?

We can help by not only providing education sessions and risk appraisals to your Board but also by sharing the questions to ask to ensure you can fulfil your ongoing duties.