Secure your business

Cyber security begins in the C-suite

Keeping data and processes secure is not just an IT issue – it’s a business issue, and it needs company-wide engagement.

Cyber security begins in the C-suite

The digitalisation of the economy is only increasing – if anything, at great speed – meaning cyber risk is also here to stay. Not surprisingly, business surveys consistently show that cybercrime, and its impact on brand and reputation in particular, ranks among the biggest concerns for chief executives.

Companies can harness technology to contain costs, improve business processes, sharpen product and service offerings, and deepen their knowledge of customers. But there’s a flipside to this digital Eden: heightened exposure to potentially catastrophic cyber-breaches.

The frequency of cyber-attacks and internal cyber-bungles, coupled with their potential to cause companies deep and perhaps permanent harm, is prompting a rethink of how companies respond.

Telstra’s chief information security officer, Mike Burgess, and chief risk officer, Kate Hughes, believe the key to creating an effective cyber-risk management response starts with recognising that cyber security is not just an IT risk, but a business risk.

“Cyber risk should not be seen as something separate to be managed differently,” Hughes says. “We’ve developed an overarching governance framework which recognises that cyber risk exists alongside other business risks.”

Cyber security is a business risk first and foremost, which makes it a leadership issue. That starting point is absolutely key to an effective cyber strategy.

– Mike Burgess

A seat at the table

When wise heads gather at the table to discuss the growing problem of cyber risk and data security, that table is located not in the IT department but in the C-suite.

Burgess insists that as long as cyber risk is considered an “IT issue” company-wide buy-in and even C-suite buy-in will be difficult to achieve.

“People will say ‘this is a computer problem therefore it’s not my responsibility, we’ll leave it to the IT department’; that’s the biggest challenge organisations face when it comes to cyber security,” he says.

The way to address this, according to Burgess, is “the constant drumbeat of engagement”.

“Cyber security is a business risk first and foremost, which makes it a leadership issue,” he says. “That starting point is absolutely key to an effective cyber strategy.”

For cyber risk issues to be rigorously canvassed in the C-suite, Hughes adds it is essential to speak the language of the C-suite. This, apparently, is a skill Burgess has down pat.

“Mike engages in a truly commercial way with our leadership team – by that I mean he gets away from the technical jargon and doesn’t treat it as some kind of rare specialisation – he talks about it as a serious commercial business risk,” she says.

“It’s taking cyber risk out of the technical sphere and getting it to a place where we can talk about it in the same way we talk about privacy, business resilience or safety.”

Hughes says the challenge is no less real for her as chief risk officer. “CROs should not let cyber-security risk become something special and different,” she says.

“Risk is risk. Whether it’s digital or real-world, the trick is to apply the same thinking and rigour we do to other significant risks.”


Idea in brief
  • Any company with stored data is at risk of potentially disastrous hacking
  • Companies need to think about both prevention and response strategies
  • Cybercrime, and its impact on brand reputation, is a big concern for any CEO
  • Managing cyber-risk requires company-wide engagement

Related News

Smiling men at work
Liberate your workforce
Liberate your workforce
2018: The year of employee engagement

New technologies and techniques are changing the way HR professionals maintain employee engagement. Traditional methods of office communication such as phone, email and confere...

Hangers in a wardrobe
Optimise your IT
Optimise your IT
Change rooms change it up: SD-WAN for retailers

What do SD-WAN and a change room have in common? VeloCloud’s Vice-President, Asia-Pacific, Joseph Chung explains how you can use SD-WAN to boost customer experience. How much ...

crossroads in a city with pedestrians
Reach global markets
Reach global markets
Q&A with Paul Abfalter: Building Asia’s digital network

We sat down with Paul Abfalter, Business Development Strategist and Regional Director for Telstra, to discuss the factors affecting digitalisation in the Asia Pacific region. I...

Woman with glasses working on a computer in a server room
Create transformative innovation
Create transformative innovation
Preparing for the unexpected with Stephen Elop

From the printing press to the Internet of Things, exciting disruptions often come with profound unintended consequences for business and society. Tune into our podcast with St...