Cyber Readiness for Boards and Executives

Are you prepared for a cyber attack?

It has never been more important for Boards and Executives to understand their organisation’s cyber risks and their own role when enhancing enterprise security and responding to attacks. This is reflected in PwC’s 24th CEO Survey, with 95% of Australian CEOs identifying cyber risks as the top threat to business growth.

The rise of ransomware is just one threat that is testing both an organisation’s ability to respond to cyber attacks, as well as their enterprise-wide business continuity plans. The majority of businesses do not have a playbook that includes a decision framework to aid in making the best judgement calls in the ‘heat of the moment’.

Companies with tried and tested plans for responding to cyber attacks not only restore the business back to normal as quickly as possible, but protect its brand, reputation and financial stability.

Are you aware of your obligations?

Significant reforms to Australia’s critical infrastructure legislation are now in force. It is essential boards and individual directors of critical infrastructure entities are aware of their obligations to oversee and manage security threats.

While boards and directors cannot be prosecuted under critical infrastructure legislation, they do have enhanced requirements. This includes the obligation for the board to sign off on an organisation’s Risk Management Program (RMP).

The RMP is a written program that applies to responsible entities for one or more critical infrastructure assets. Organisations must identify, and as far as is reasonably practicable, mitigate material risks presenting a security threat.

Furthermore, while directors cannot be prosecuted under critical infrastructure legislation, their fiduciary duties under Section 180 of the Corporations Act still apply. This means due care and diligence must be exercised in the governance of critical infrastructure entities.

Under the Corporations Act, a director or other officer of a corporation must exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise if they:

were a director or officer of a corporation in the corporation's circumstances; and
occupied the office held by, and had the same responsibilities within the corporation as, the director or officer.

Tailored cyber sessions for Boards and Executives

Regular updates on the current cyber threat land

Tailored briefings on the cyber landscape relevant to you, including cyber actors targeting your industry, legal and regulatory considerations, and impacts of a breach on similar organisations.

You will hear from our local and global cybersecurity experts, as well as specialists from our Global Threat Intelligence team and receive the latest legal and regulatory updates from our Digital Law practice.

This session includes an interactive debrief; via a short pulse-check we’ll assess the audience’s understanding of the session’s key points so you can leave the session knowing where you need to further your understanding.

Rehearse your response and learn from mistakes

A bespoke cyber crisis scenario created using our first-hand knowledge of cyber incidents in your industry. We’ve used this simulation to upskill some of Australia’s largest organisations. Co-developed with your key business & IT stakeholders to define the scope and scenarios to be simulated, we track and record each step of the exercise, and provide a report showcasing the strengths of the incident management procedures and gaps which need to be addressed. The simulation is facilitated by PwC’s experienced cyber crisis team who assess the stress behaviour of the exercise participants in an event of a crisis. The experience can be virtual, in person or hybrid.

Attack or respond? A team based, interactive cyber game

This interactive cybersecurity simulation exercise is a proprietary game developed out of our Cyber Innovation Centre in the US. It uses a head-to-head card based strategy game to challenge players to make quick, high impact decisions and assess their readiness to respond to a breach. PwC’s cybersecurity specialists coach players through cyber attack scenarios to teach players about what they can do to better prepare, respond, and remediate an attack, and familiarise them with different types of threat actors and their preferred methodologies of attack, to obtain a better understanding of the steps they need to take to better secure their business and organisational assets.

All-hazards attack preparation requires a multidisciplinary team

Our team includes a unique blend of both deep technical experts and specialists in specific industries who ensure that security recommendations align with broader business needs and take account of sector specific nuances. We have people who can help you with every aspect of the cybersecurity maturity journey - working as one seamless team with expertise drawn from technical, operational, legal, regulatory and reputational capabilities.