Brought to you by
Digital Nation brought together leaders from the public sector, health and finance to investigate the issues that the new cybersecurity and critical infrastructure laws have created for company leaders and boards. In the inaugural Digital Nation Boardroom Impact session Sarv Girn, Leah Fricke, Simon Cowley and Thomas Fikentscher share their insights.

Critical Infrastructure and Cybersecurity

Thomas Fikentscher

Boards are traditionally populated with directors who have a very strong financial grounding, says Thomas Fikentscher Cyberark’s ANZ regional director. However, securing critical infrastructure from cyberattacks requires a more detailed understanding of risk.

It is an area where in other regards boards often apply considerable focus. For instance;

  • Governance risk: boards often talk about the composition of the management teams including the role of the CEO and other key executive leadership roles.
  • Risk of board approvals: examples are the risk of entering new markets, deciding on acquisitions or divestitures, major capital expenditures such as building manufacturing facilities or buying expensive machinery all fall under this risk category.
  • Business management risks: this often includes day to day items such as looking at financial reports (Balance Sheet, P&L, Cash Flow Statement), supplier risk, IP related risks, customer management, etc.

On this last point, he said boards in Australia tend to be populated by people with strong financial backgrounds.

“When people use the term metrics, they look at businesses in terms of financial metrics, so return on investment numbers, they go through P&L items, they understand how balance sheet should be structured, they understand how you actually have funding mechanisms. That's what a lot of board members come from.”

“This concept of risk needs to be discussed in more depth. And I think there are metrics that you can actually look at when you think about risk.”

“In my opinion a risk such as cybersecurity should be elevated to the level of critical enterprise risk, which means it can threaten the viability of a business if not managed properly (like issues such as credit risk for a financial institution or supplier risk for a manufacturing business).”

He believes some boards may treat cyber security as an emerging risk. “This is where newer elements such as climate change, demographic shifts and also cybersecurity might sit.”

“The problem is that boards often are less informed in these areas and have less experience as they wouldn’t have exposed during their active period as operational managers. Although it’s ultimately a job of the operational leadership team to manage these new risk items, boards should spend more time to learn more about it and discuss the consequences in detail.”

To access the minidocumentary, individual interviews, and features please fill in your details below.
By accessing this content, I agree to have my details passed on to CyberArk and nextmedia Pty Ltd