Secure your business

Cyber security begins in the C-suite

Keeping data and processes secure is not just an IT issue – it’s a business issue, and it needs company-wide engagement.

Cyber security begins in the C-suite

The digitalisation of the economy is only increasing – if anything, at great speed – meaning cyber risk is also here to stay. Not surprisingly, business surveys consistently show that cybercrime, and its impact on brand and reputation in particular, ranks among the biggest concerns for chief executives.

Companies can harness technology to contain costs, improve business processes, sharpen product and service offerings, and deepen their knowledge of customers. But there’s a flipside to this digital Eden: heightened exposure to potentially catastrophic cyber-breaches.

The frequency of cyber-attacks and internal cyber-bungles, coupled with their potential to cause companies deep and perhaps permanent harm, is prompting a rethink of how companies respond.

Telstra’s chief information security officer, Mike Burgess, and chief risk officer, Kate Hughes, believe the key to creating an effective cyber-risk management response starts with recognising that cyber security is not just an IT risk, but a business risk.

“Cyber risk should not be seen as something separate to be managed differently,” Hughes says. “We’ve developed an overarching governance framework which recognises that cyber risk exists alongside other business risks.”

Cyber security is a business risk first and foremost, which makes it a leadership issue. That starting point is absolutely key to an effective cyber strategy.

– Mike Burgess

A seat at the table

When wise heads gather at the table to discuss the growing problem of cyber risk and data security, that table is located not in the IT department but in the C-suite.

Burgess insists that as long as cyber risk is considered an “IT issue” company-wide buy-in and even C-suite buy-in will be difficult to achieve.

“People will say ‘this is a computer problem therefore it’s not my responsibility, we’ll leave it to the IT department’; that’s the biggest challenge organisations face when it comes to cyber security,” he says.

The way to address this, according to Burgess, is “the constant drumbeat of engagement”.

“Cyber security is a business risk first and foremost, which makes it a leadership issue,” he says. “That starting point is absolutely key to an effective cyber strategy.”

For cyber risk issues to be rigorously canvassed in the C-suite, Hughes adds it is essential to speak the language of the C-suite. This, apparently, is a skill Burgess has down pat.

“Mike engages in a truly commercial way with our leadership team – by that I mean he gets away from the technical jargon and doesn’t treat it as some kind of rare specialisation – he talks about it as a serious commercial business risk,” she says.

“It’s taking cyber risk out of the technical sphere and getting it to a place where we can talk about it in the same way we talk about privacy, business resilience or safety.”

Hughes says the challenge is no less real for her as chief risk officer. “CROs should not let cyber-security risk become something special and different,” she says.

“Risk is risk. Whether it’s digital or real-world, the trick is to apply the same thinking and rigour we do to other significant risks.”


Idea in brief
  • Any company with stored data is at risk of potentially disastrous hacking
  • Companies need to think about both prevention and response strategies
  • Cybercrime, and its impact on brand reputation, is a big concern for any CEO
  • Managing cyber-risk requires company-wide engagement

Related News

Male and female brainstorming
Liberate your workforce
Liberate your workforce
Why business needs Millennials

The generation that grew up on the internet and social media is flooding into the workforce. We explore how business and digital natives can work together.

Female paying on mobile phone
Reach global markets
Reach global markets
3MI™: Telstra’s index pinpoints exponential growth

Australia’s banking and finance industry has a once-in-a-generation opportunity for exponential growth – by embracing Millennials, their mobiles and their money.

Man using tablet in cafe
Create transformative innovation
Create transformative innovation
Why digital disruption isn’t done yet

We talk to entrepreneur and ShopFully Co-Founder Stefano Portu about dotcom booms and busts and whether the age of digital disruption is sustainable.

Man using tablet in meeting
Create transformative innovation
Create transformative innovation
Five ways to maintain innovation in public service

Innovation is at the heart of the Australian public’s vision for the future of government service delivery. We explore how the public sector can maintain its digital momentum. ...