Secure your business

Cyber security begins in the C-suite

Keeping data and processes secure is not just an IT issue – it’s a business issue, and it needs company-wide engagement.

Cyber security begins in the C-suite

The digitalisation of the economy is only increasing – if anything, at great speed – meaning cyber risk is also here to stay. Not surprisingly, business surveys consistently show that cybercrime, and its impact on brand and reputation in particular, ranks among the biggest concerns for chief executives.

Companies can harness technology to contain costs, improve business processes, sharpen product and service offerings, and deepen their knowledge of customers. But there’s a flipside to this digital Eden: heightened exposure to potentially catastrophic cyber-breaches.

The frequency of cyber-attacks and internal cyber-bungles, coupled with their potential to cause companies deep and perhaps permanent harm, is prompting a rethink of how companies respond.

Telstra’s chief information security officer, Mike Burgess, and chief risk officer, Kate Hughes, believe the key to creating an effective cyber-risk management response starts with recognising that cyber security is not just an IT risk, but a business risk.

“Cyber risk should not be seen as something separate to be managed differently,” Hughes says. “We’ve developed an overarching governance framework which recognises that cyber risk exists alongside other business risks.”

Cyber security is a business risk first and foremost, which makes it a leadership issue. That starting point is absolutely key to an effective cyber strategy.

– Mike Burgess

A seat at the table

When wise heads gather at the table to discuss the growing problem of cyber risk and data security, that table is located not in the IT department but in the C-suite.

Burgess insists that as long as cyber risk is considered an “IT issue” company-wide buy-in and even C-suite buy-in will be difficult to achieve.

“People will say ‘this is a computer problem therefore it’s not my responsibility, we’ll leave it to the IT department’; that’s the biggest challenge organisations face when it comes to cyber security,” he says.

The way to address this, according to Burgess, is “the constant drumbeat of engagement”.

“Cyber security is a business risk first and foremost, which makes it a leadership issue,” he says. “That starting point is absolutely key to an effective cyber strategy.”

For cyber risk issues to be rigorously canvassed in the C-suite, Hughes adds it is essential to speak the language of the C-suite. This, apparently, is a skill Burgess has down pat.

“Mike engages in a truly commercial way with our leadership team – by that I mean he gets away from the technical jargon and doesn’t treat it as some kind of rare specialisation – he talks about it as a serious commercial business risk,” she says.

“It’s taking cyber risk out of the technical sphere and getting it to a place where we can talk about it in the same way we talk about privacy, business resilience or safety.”

Hughes says the challenge is no less real for her as chief risk officer. “CROs should not let cyber-security risk become something special and different,” she says.

“Risk is risk. Whether it’s digital or real-world, the trick is to apply the same thinking and rigour we do to other significant risks.”


Idea in brief
  • Any company with stored data is at risk of potentially disastrous hacking
  • Companies need to think about both prevention and response strategies
  • Cybercrime, and its impact on brand reputation, is a big concern for any CEO
  • Managing cyber-risk requires company-wide engagement

Related News

Choosing the right network partner
Reach global markets
Reach global markets
Choosing the right network partner

You need a trusted network partner to support your business’ growth. We look at the questions you need to find that partner. An effective digital strategy is a prerequisite for...

Think as one: Bringing your cloud and network together
Optimise your IT
Optimise your IT
Think as one: Bringing your cloud and network together

When your underpinning network and cloud foundation work as one, the promise of innovation can become a reality. Learn how to converge your network and cloud. Together, the ne...

A woman using virtual reality headset
Secure your business
Secure your business
The future of security: Threats, trends and investments

From rising budgets to machine learning, we look at the future trends changing the Australian security landscape. With the security landscape continuing to grow more complex, w...

Better together: Electronic and cyber security convergence
Secure your business
Secure your business
Better together: Electronic and cyber security convergence

Aligning your approach to physical security devices with your cyber security strategy is giving Australian organisations greater visibility over their security estate. Across A...