
As enterprises strive to gain value by leveraging technology, the risk associated with digital business is increasing. Theft of personal information and private business information, misappropriation of resources, denial of service, and cybertheft are becoming commonplace, affecting large and small enterprises. Isolated approaches to information security, business continuity and incident response are a thing of the past; today, the urgency of providing continuously available services for customers and business partners in the digital economy requires enterprises to become resilient. A resilient enterprise protects itself from attack, but also recognizes that defense is not the end-all. A resilient enterprise needs to connect protection and recovery to the mission and goals of the enterprise, implementing integrated programs in order to provide sustainability of essential services. Board members need to evaluate the operational risk inherent in digital business and direct management to ensure that the enterprise is more than just protected—it is resilient.

Key Insights

  • The National Association of Corporate Directors recommends that “boards need to ensure that management is fully engaged in developing defence and response plans” and warns that to do otherwise is to place the enterprise’s core assets at risk

  • According to a recent Ponemon Institute study, it took enterprises 170 days, on average, to detect an attack by malicious outsiders and 259 days when insiders were involved in the attack

  • Cyberresilience is the ability of an enterprise to anticipate, withstand, recover from, and evolve to improve capabilities in the face of adverse conditions, stresses or attacks on the supporting resources it needs to function

Given the nature of digital business and the value driven by the use of technology to meet stakeholder needs, the following questions may be appropriate for the board to ask:

  • Is sufficient attention given to the ability to defend against intrusions as well as the ability to recover and restore essential functions and services?

  • Is the board routinely informed about the potential material operational risk and risk mitigation strategies, as well as incidents that could impact the brand?

  • To what extent have essential services and functions been identified, and programs implemented to provide for their resilience in the event of a disruption or cyber incident?

You can download the full report here.


Feature Articles

Our AIICT brand expands portfolio with ten new courses to help address ICT skills shortage
The Australian Institute of ICT (AIICT) has introduced a new series of industry-certified bootcamp programs and nationally recognised qualifications to meet the surging demand for skilled ICT professionals in Australia. The bootcamps support the Morrison Government’s recently announced Digital Skills Organisation (DSO) pilot, which recognises the importance of non-accredited training in developing the skills of the future workforce. The bootcamp programs run for six months and comprise several vendor-specific certifications. The courses include ‘Cloud Computing Certified Professional’, ‘Certified Microsoft Full Stack Developer’, ‘Certified Artificial Intelligence Professional’, ‘Growth Marketing Professional’ and ‘Certified Project Management Professional’. The decision to introduce the bootcamps follows the VET sector’s increasing move away from nationally recognised qualifications towards vendor-specific, industry-certified training. According to the National Centre for Vocational Education Research, preference for accredited training courses has declined steadily in recent years, with employers increasingly less satisfied that these courses provide their employees with the most relevant and important skills for their business. This has led many organisations to prefer non-accredited training provided by private technology vendors such as Microsoft and AWS.