The firm partnered with the AICD and the CSCRC on the guidance geared towards company directors
Ashurst has co-authored a guide for cyber crisis governance in partnership with the Australian Institute of Company Directors (AICD) and the Cyber Security Cooperative Research Centre (CSCRC).
As per a media release from the firm earlier this year, the guidance is entitled Governing Through a Cyber Crisis: Cyber Incident Response and Recovery for Australian Directors and provides a blueprint to help directors be ready for and react to severe cyber threats. It is structured around “readiness, response, recovery, and remediation”.
The guidance addresses significant issues directors are expected to encounter during a cyber crisis. It also includes tips on devising cyber incident readiness plans, implementing an effective crisis communication strategy, deciding whether to make ransom payments, and developing reputation rebuilding strategies.
“It's crucial that boards focus on their customer or client base when dealing with cyber risk. In our advice to boards, we have found a customer-centric approach is the best way to manage other related risks ranging from data security to reputation and will also assist a company in preparing for regulatory investigations”, Ashurst Risk Advisory partner John Macpherson said.
The guidance builds upon the 2022 AICD/CSCRC Cyber Security Governance Principles and was developed through discussions with senior directors who led their organisations through major cyber crises.
“Australians rightly expect businesses to take cyber security seriously. The explosion of cyber incidents over the past two years has shown that we cannot be complacent on cyber. All Australian organisations need to embrace better cyber governance from the board down”, Minister for Cyber Security Clare O’Neil said. “This guidebook directly supports Action 5 of the Strategy by providing detailed guidance to corporate leaders on cyber preparation, response and recovery".
AICD Managing Director and CEO Mark Rigotti added that boards “have a key governance role to play in dealing with increasing cyber threat”.
“Digital systems form the backbone of almost every organisation and, in the event of a significant cyber incident, operations can be crippled. This has huge ramifications – financial, operational and reputational”, CSCRC CEO Rachael Falk said. “This guidance will help Australian directors prepare for and navigate these complexities and, hopefully, help build the cyber resilience of Australian organisations”.
