Secure your business

Cyber security begins in the C-suite

Keeping data and processes secure is not just an IT issue – it’s a business issue, and it needs company-wide engagement.

Cyber security begins in the C-suite

The digitalisation of the economy is only increasing – if anything, at great speed – meaning cyber risk is also here to stay. Not surprisingly, business surveys consistently show that cybercrime, and its impact on brand and reputation in particular, ranks among the biggest concerns for chief executives.

Companies can harness technology to contain costs, improve business processes, sharpen product and service offerings, and deepen their knowledge of customers. But there’s a flipside to this digital Eden: heightened exposure to potentially catastrophic cyber-breaches.

The frequency of cyber-attacks and internal cyber-bungles, coupled with their potential to cause companies deep and perhaps permanent harm, is prompting a rethink of how companies respond.

Telstra’s chief information security officer, Mike Burgess, and chief risk officer, Kate Hughes, believe the key to creating an effective cyber-risk management response starts with recognising that cyber security is not just an IT risk, but a business risk.

“Cyber risk should not be seen as something separate to be managed differently,” Hughes says. “We’ve developed an overarching governance framework which recognises that cyber risk exists alongside other business risks.”

Cyber security is a business risk first and foremost, which makes it a leadership issue. That starting point is absolutely key to an effective cyber strategy.

– Mike Burgess

A seat at the table

When wise heads gather at the table to discuss the growing problem of cyber risk and data security, that table is located not in the IT department but in the C-suite.

Burgess insists that as long as cyber risk is considered an “IT issue” company-wide buy-in and even C-suite buy-in will be difficult to achieve.

“People will say ‘this is a computer problem therefore it’s not my responsibility, we’ll leave it to the IT department’; that’s the biggest challenge organisations face when it comes to cyber security,” he says.

The way to address this, according to Burgess, is “the constant drumbeat of engagement”.

“Cyber security is a business risk first and foremost, which makes it a leadership issue,” he says. “That starting point is absolutely key to an effective cyber strategy.”

For cyber risk issues to be rigorously canvassed in the C-suite, Hughes adds it is essential to speak the language of the C-suite. This, apparently, is a skill Burgess has down pat.

“Mike engages in a truly commercial way with our leadership team – by that I mean he gets away from the technical jargon and doesn’t treat it as some kind of rare specialisation – he talks about it as a serious commercial business risk,” she says.

“It’s taking cyber risk out of the technical sphere and getting it to a place where we can talk about it in the same way we talk about privacy, business resilience or safety.”

Hughes says the challenge is no less real for her as chief risk officer. “CROs should not let cyber-security risk become something special and different,” she says.

“Risk is risk. Whether it’s digital or real-world, the trick is to apply the same thinking and rigour we do to other significant risks.”


Idea in brief
  • Any company with stored data is at risk of potentially disastrous hacking
  • Companies need to think about both prevention and response strategies
  • Cybercrime, and its impact on brand reputation, is a big concern for any CEO
  • Managing cyber-risk requires company-wide engagement

Related News

Future job titles infographic
Liberate your workforce
Liberate your workforce
Job titles of the future

As new technologies and ways of working change the way we do business, so too are our job titles evolving. Check out what your next promotion might look like. The workforce we...

Bearded man using computer
Liberate your workforce
Liberate your workforce
The future of contact centres is in the cloud

Cloud-based contact centre solutions are the key to delivering intimate customer experience at enterprise scale. For many businesses today the key to driving performance is c...

Cows carrying a trailer
Optimise your IT
Optimise your IT
4 reasons SD-WAN is a game changer for Asia

SD-WAN is rapidly changing the internet landscape across Asia through smart capacity management and centralised network control. Software Defined Wide Area Networking, or SD-WA...

Two men working on a construction plan
Create transformative innovation
Create transformative innovation
The resource sector’s autonomous haulage revolution

There’s a revolution under way in the mining industry. In remote mines and greenfield sites, autonomous haulage is turning the business model on its head. “These are vehicles ...