Boards and Cyber Resilience Study: Insights into director views and current board practices

Thursday, 30 June 2022

Cyber Security is an issue of highest priority for Australian boards, but gaps in formal structures and implementations remain.


To understand director views and board practices on building cyber resilience, the AICD in partnership with the Australian Information Security Association (AISA), conducted a member survey to benchmark current practice and guide further education initiatives for directors.

The Boards and Cyber Resilience study reveals that 72 per cent of directors see cybersecurity as a ‘high priority’ issue for their board, mirroring recent Director Sentiment Index results which found that cybersecurity has moved up to the top-ranking issue keeping directors ‘awake at night’.

However, at an organisational level, there are gaps in implementing cyber governance frameworks with only half (53 per cent) of directors saying their organisation has a formal cyber security framework or strategy in place.

Other results that indicate there is still room for improvement in board oversight, include:

  • Only 44 per cent of directors indicate receiving training in cyber risk, and even fewer (23 per cent) have appointed directors with cyber skills;
  • Around 39 per cent of directors say they have made cybersecurity a specific focus of a board committee;​
  • 36 per cent of directors say they receive regular reporting on internal training and testing; and​
  • Just 21 per cent of directors receive reporting on the cyber performance of key third-party suppliers.

Latest research

This is of of your complimentary pieces of content

This is exclusive content.

You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.