GovernWith Blog

GovernWith blog for Boards, Directors and Executives who want to develop their governance capabilities so they achieve their strategic goals and mitigate risk.



Collaborating On Climate


Collaborating On Climate: Uniting Governance and Boards for Effective Climate Solutions

As the effects of climate change intensify, the imperative for collaborative efforts across sectors, including governance and boards, has grown exponentially. Collaboration isn't just an option; it's an essential strategy to tackle the multifaceted challenges posed by a shifting climate. In this article, we delve into the importance of collaboration in addressing climate change, its implications for governance and boards, and strategies to cultivate effective collaboration.



Understanding the Essence of Climate Collaboration:

Climate collaboration embodies the collective, coordinated endeavours of individuals, organisations, governments, and institutions to confront climate change and its associated threats. The intricate nature of climate challenges necessitates a unified, cross-boundary approach. Collaborative ventures allow for the pooling of resources, knowledge, and expertise to develop groundbreaking solutions, share exemplary practices, and ensure the creation of a sustainable future.

The Pivotal Role of Governance and Boards:

Governance bodies and boards bear a pivotal responsibility in climate collaboration. They shape policies, make strategic choices, and oversee organisational operations. Their decisions wield substantial influence over an organisation's response to climate-related risks and opportunities. Engaging boards in climate collaboration isn't just about risk mitigation; it's also about steering sustainable growth and resilience.

Unpacking the Implications for Governance and Boards:

  1. Strategic Fusion: Climate considerations must be seamlessly integrated into an organisation's strategic planning. Boards must comprehend the intricate interplay between climate risks and the broader business strategy. Collaborative efforts empower boards to remain attuned to evolving climate trends, align decisions with long-term sustainability goals, and stay ahead of the curve.
  2. Mitigating Risk: Climate collaboration empowers boards to discern and evaluate climate-related risks. Through collaboration with experts hailing from diverse sectors, boards can glean insights into emerging risks and implement effective risk mitigation strategies. This collaborative approach ensures a holistic comprehension of potential impacts and facilitates informed decision-making.
  3. Fostering Innovation and Adaptation: Collaboration drives innovation by facilitating the exchange of concepts, technologies, and solutions. Boards can play a pivotal role by supporting research, development, and implementation of eco-friendly technologies. Collaboration with industry peers and experts expedites the adoption of innovative practices.
  4. Engaging Stakeholders: Collaborative ventures create platforms for engaging stakeholders, including employees, customers, investors, and communities. Boards can leverage collaboration to enhance transparency, effectively communicate climate-related actions, and address stakeholder concerns adeptly.

Strategies to Foster Effective Climate Collaboration:

  1. Multi-Stakeholder Alliances: Engage an array of stakeholders encompassing governments, businesses, NGOs, academia, and communities. Collaboration across diverse sectors brings forth multifaceted perspectives and resources, thereby enhancing the efficacy of climate initiatives.
  2. Shared Data and Knowledge Exchange: Foster an ethos of transparent data sharing and knowledge exchange. Effective collaboration hinges upon access to precise, up-to-date information, which serves as the bedrock for informed decision-making.
  3. Articulate Objectives Clearly: Define precise, measurable goals for climate collaboration endeavours. Setting specific objectives enables boards to track progress meticulously and allocate resources optimally.
  4. Inter-Sectoral Workshops and Forums: Curate workshops, forums, and conferences that draw participants from diverse sectors. Such platforms facilitate networking, exchange of ideas, and joint project ideation, nurturing the collaborative spirit.
  5. Nurturing Board Expertise: Ensure that boards boast members armed with pertinent expertise in climate science, environmental policy, and sustainability. This expertise heightens decision-making quality and fosters effective climate collaboration.
  6. Long-Term Dedication: Climate collaboration necessitates unwavering commitment. Boards must accord priority to sustainability on their agendas, recognising the perpetual nature of climate challenges.

In summation, embracing collaborative efforts to combat climate change is not merely an option—it's a call to action for governance bodies and boards to usher in sustainable change. As climate change presents intricate challenges, collaboration emerges as a potent strategy to pool resources, share insights, and devise inventive solutions. Engaging in collaborative pursuits empowers governance bodies to make informed choices, mitigate risks, drive innovation, and pave the way for a resilient future. By embracing the ethos of climate collaboration, governance and boards can navigate the complexities of climate change and contribute to a world marked by sustainability and prosperity.

Flooding Events Strategic Planning


Navigating Flood Events: A Governance Imperative for Resilience

In an era of escalating climate risks, flooding events have emerged as a prominent and recurrent challenge for communities and organisations alike. As the frequency and severity of flooding incidents rise, the imperative for robust governance strategies to manage these risks becomes increasingly clear. This article delves into the profound implications of flooding events on governance and boards, shedding light on the challenges they present and the strategies organisations can employ to effectively navigate this evolving landscape.



Understanding the Impact: Flooding as a Multi-faceted Challenge

Flooding events have shifted from sporadic occurrences to recurring phenomena with far-reaching consequences. Beyond the immediate devastation they cause, floods trigger a cascade of challenges that extend across sectors, economies, and communities. As organisations navigate the aftermath of these events, boards of directors encounter unique governance challenges that demand innovative and adaptive solutions.

Governance Implications: A Holistic Perspective

For boards, the surge in flooding events signals the need for a paradigm shift in their approach to governance. Traditional risk assessment frameworks must now encompass the potential impact of flooding events on strategic plans. Protecting assets, ensuring business continuity, and safeguarding stakeholders' interests require proactive strategies that address the escalating flood risks.

Building Financial Resilience and Strategic Agility

A central concern in the wake of flooding events is financial resilience. Organisations must assess their capacity to absorb the financial shocks caused by flooding, including damage to infrastructure, supply chain disruptions, and increased operational costs. Boards must seamlessly integrate flood risk considerations into their financial planning to ensure sustainable growth and resilience.

Stakeholder Engagement and Community Collaboration

Effective governance extends beyond boardroom decisions; it encompasses engagement with communities and stakeholders. Flood events often disrupt not only business operations but also the lives of local residents. Boards must prioritise transparent communication with affected communities, demonstrating commitment to addressing their concerns and collaborating on effective solutions.

Navigating Regulatory Compliance and Accountability

The escalating frequency of flooding events has prompted governments to tighten regulations surrounding environmental management and disaster preparedness. Boards bear the responsibility of ensuring compliance with these regulations, necessitating a deep understanding of the legal landscape related to flood risk management. Embedding flood resilience into corporate governance practices enables organisations to navigate legal complexities and protect their reputation.

Strategies for Governance Resilience in Flood-Prone Environments

  1. Comprehensive Risk Assessment and Management: Boards must undertake thorough risk assessments that account for potential flooding impacts. By identifying vulnerabilities and implementing targeted risk mitigation strategies, organisations can enhance their resilience against flooding events.
  2. Scenario-Based Planning: Employing scenario analysis allows boards to anticipate the potential consequences of diverse flooding scenarios on strategic goals. This proactive approach empowers informed decision-making, minimising disruptions and ensuring business continuity.
  3. Integration of Flood Risk into Strategic Planning: Flood risk considerations must be seamlessly woven into strategic planning. Boards should align the organisation's mission and values with flood resilience objectives, ensuring that flood risk management is integrated into their long-term vision.
  4. Collaborative Partnerships: Boards should foster partnerships with government agencies, community organisations, and industry peers. Cross-sector collaborations facilitate the development of innovative solutions for flood risk mitigation and management.

Addressing Mental Health and Supply Chain Disruptions

The impact of flooding events extends beyond physical infrastructure and financial considerations. Mental health challenges arising from these events necessitate dedicated attention from boards. In the aftermath of floods, communities experience long-term psychological effects, underscoring the importance of mental health support as part of an organisation's social responsibility.

Additionally, boards must address the ripple effects of flooding on supply chains. Disruptions caused by road closures, bridge damage, and other infrastructure failures can result in critical supply shortages, affecting vital services such as healthcare. By identifying alternative supply routes and fostering flexibility within the supply chain, boards can enhance an organisation's resilience against flooding-induced disruptions.


As flooding events become more frequent and their impacts more far-reaching, the role of governance in addressing these challenges becomes paramount. Boards of directors must recognise the multi-dimensional nature of flooding incidents and proactively adapt their governance strategies to ensure financial resilience, stakeholder engagement, regulatory compliance, and long-term sustainability. By incorporating flood risk management as an integral component of their governance framework, boards can lead their organisations towards a future characterised by resilience, adaptability, and community support.

Climate Governance Risks


Climate Change Resilience and Governance: A Holistic Approach to Strategic Planning

In an era characterised by the escalating impact of climate change, the landscape of strategic planning has undergone a seismic shift. Organisations, irrespective of their size or sector, are grappling with the ramifications of a changing climate on their strategic objectives and operational landscape. Amidst this complex backdrop, the convergence of climate change resilience and governance emerges as a paramount consideration. This article delves into the crucial interplay between climate change resilience and governance in the realm of strategic planning, shedding light on how organisations can navigate these intertwined dimensions for a resilient and sustainable future.



Elevating Climate Change Resilience in Strategic Planning

Climate change is no longer an abstract concept confined to scientific discourse; it's a palpable reality that directly intersects with organisational operations and governance. Strategic planning, traditionally centred around financial projections and market dynamics, must now expand its purview to encompass the far-reaching implications of climate change. As the frequency and intensity of heatwaves escalate, vulnerable segments of the population, particularly the elderly, face heightened risks. This compounding effect ripples through the fabric of an organisation, influencing even the most entrenched governance structures.

The Nexus of Vulnerability: Elderly and Energy Prices

The nexus between climate change and governance risks becomes starkly evident when examining the impact of heatwaves on vulnerable groups, such as the elderly. The elderly, who are disproportionately affected by extreme heat events, showcase the interconnectedness of climate change, energy costs, and governance considerations. As high energy prices prompt individuals to forgo heating or cooling, concerns for the well-being of those without proper insulation or access to cooling options intensify. Notably, heatwaves stand as the most lethal of all natural hazards in Australia, underscoring the urgency of addressing their implications within the strategic planning framework.

Duty of Care: Bridging Health and Education

The ramifications of climate change resilience and governance extend beyond the confines of a single sector. Within the healthcare sector, the duty of care extends not only to patients but to the staff entrusted with their well-being. The scope of risk assessment must broaden to encompass the holistic impact of climate change on both those under the organisation's care and its workforce. Similarly, the education sector grapples with the imperative to ensure student safety and well-being amidst escalating heatwaves. As the boundaries of responsibility expand, strategic planning must evolve to reflect the holistic duty of care towards all stakeholders.

Embedding Resilience in Governance: A Strategic Imperative

At the heart of effective climate change resilience and governance lies the need for strategic planning that transcends conventional boundaries. Governance risks intertwine with climate change realities, necessitating an integrated approach to risk management. Here's a comprehensive roadmap for embedding climate change resilience within the fabric of governance in the strategic planning process:

  1. Inclusive Risk Assessment: Expand risk assessments to incorporate the vulnerable segments of the population, recognising their heightened exposure to climate-related hazards.
  2. Stakeholder-Centric Approach: Engage stakeholders, from clients to staff, in the risk assessment process. Emphasise the duty of care and holistic well-being.
  3. Sector-Specific Adaptation: Tailor adaptation strategies to address sector-specific challenges arising from climate change. Identify synergies between resilience and governance goals.
  4. Collaborative Governance: Foster cross-sectoral collaboration to share insights, experiences, and best practices for navigating climate-related governance risks.
  5. Continuous Monitoring: Establish mechanisms for ongoing monitoring of climate change impacts on governance risks. Iterate and adapt strategic plans in response to evolving challenges.
  6. Communication and Transparency: Communicate climate change resilience efforts and governance adaptations transparently to stakeholders. Bolster trust and credibility through open communication channels.

Embracing the Nexus of Resilience and Governance

In conclusion, the integration of climate change resilience and governance is not an option; it's a strategic imperative. As organisations confront the intensifying realities of climate change, they must transcend traditional strategic planning paradigms. By embedding climate change resilience within governance considerations, organisations can forge a path of adaptability, responsibility, and long-term success. The nexus of resilience and governance offers a transformative opportunity to redefine strategic planning in the face of a changing world.

Cyber Governance and Good Faith


Strengthening Governance through Cyber Vigilance and Ethical Commitment

In the landscape of governance, the essence of acting in good faith surpasses mere legal compliance. It embodies a profound dedication to safeguarding an organisation's best interests amidst the ever-evolving challenges. Wes Ward and Fi Mercer engage in an illuminating dialogue that unveils the intrinsic connection between acting in good faith and the realm of cybersecurity governance.



Navigating Governance with a Strategic Approach:

In the pursuit of effective governance, the principle of acting in good faith takes centre stage. This principle transcends legal obligations and resonates with the ethical core of stewardship. Fi Mercer delves into the realm of board duties and responsibilities, highlighting the pertinence of this principle. It's not just about adhering to the letter of the law; it's about fostering a culture of due diligence, prudence, and vigilance.

Ethical Governance Framework:

Ethical governance principles encapsulate the notion that boards are dynamic entities. They continually assess, develop, and refine themselves. Fi Mercer echoes the essence of these principles, emphasising that board development and director skills enhancement are integral aspects of ethical governance. Mere recruitment cannot bridge the skills gap; a proactive approach to learning and development is crucial.

Incorporating Good Faith into Action:

Acting in good faith demands tangible steps. It requires boards to delve into their organisation's cybersecurity posture. Are policies robust? Is comprehensive training imparted? Does the organisational culture prioritise cybersecurity vigilance? Fi Mercer underscores that these actions transform good faith from theoretical intent to practical measures that bolster an organisation's cyber resilience.

Empowering Directors with Insightful Queries:

Directors, while not cybersecurity experts, play a pivotal role in driving organisational vigilance. Their inquiries, their probing, their questions can shape an organisation's cyber posture. Acting in good faith entails equipping directors with the right questions to steer discussions towards cybersecurity preparedness. When directors are armed with the knowledge to ask pertinent questions, the trajectory of cyber risk management shifts significantly.

Converging Good Faith and Cyber Resilience:

In an era dominated by digital transformation, acting in good faith takes on a new dimension. It becomes synonymous with cyber resilience. Fi Mercer articulates that good faith translates into practical measures that address cybersecurity head-on. It involves proactively establishing policies, fostering a culture of cybersecurity, and continually assessing and enhancing director skills. When these elements align, an organisation can face a cyber attack with the assurance that its foundation is fortified by good faith efforts.

Confronting Challenges with Strength:

While acting in good faith cannot completely eliminate the threat of a cyber attack, it empowers organisations to confront challenges with strength. It signifies a commitment to proactive measures, diligent oversight, and a culture that values cybersecurity. Fi Mercer and Wes Ward's discussion underscores that acting in good faith serves as a compass that guides governance towards ethical, proactive, and resilient cybersecurity practices.

In essence, acting in good faith transcends legal obligations. It's a commitment, a mindset, and a foundation for ethical governance. In the context of cybersecurity, it's a guiding light that directs organisations towards proactive strategies, insightful inquiries, and an unyielding dedication to cyber resilience. Boards that embrace this principle not only mitigate risks but also emerge as exemplars of vigilant and conscientious governance.

Cyber Response Planning for the Board of Directors


Empowering Boards for Cyber Resilience: Navigating Director Responsibilities

In today's digital age, cybersecurity stands as a formidable challenge for organisations across sectors. The dynamic landscape necessitates boards and directors to evolve their approach, effectively countering the escalating threat of cyber attacks. In this article, we delve into a profound conversation with Vera Visevic, shedding light on the critical imperative for directors to grasp cybersecurity nuances, harness relevant expertise, and fulfil their duties within an ever-changing legal and technological framework.



Equipping Directors with Cyber Insight:

Vera Visevic highlights a foundational requirement – directors must acquire a comprehensive understanding of cybersecurity. This understanding extends beyond the surface, given the far-reaching impact of cyber risks. To empower directors, tailored training in cybersecurity takes precedence. A well-informed board can cultivate a culture of cyber awareness and align their governance practices with the intricacies of the digital realm.

Leveraging Expert Proficiency:

The surge in cyber threats necessitates expertise that might be lacking within boards. Vera emphasises the value of enlisting directors who possess a background in cybersecurity. These individuals offer insights bridging the gap between boardroom discussions and the complex realm of cyber threats. However, given the scarcity of such experts, alternative avenues emerge. Establishing a dedicated subcommittee focused on cybersecurity empowers organisations to tap into external specialists. This collective knowledge reinforces a proactive stance in mitigating cyber risks.

Exploring External Collaborations:

In instances where internal expertise is limited, external collaborations become pivotal. Vera recommends that organisations allocate resources for engaging external cybersecurity specialists. These professionals provide an objective, well-informed perspective that enhances decision-making. The investment in external advice not only bolsters cybersecurity strategies but also signifies a commitment to due diligence within a transforming legal landscape.

Legal Ramifications and Continual Obligations:

Vera Visevic illuminates the evolving legal dimensions surrounding cybersecurity. As laws progress, directors find themselves under heightened scrutiny regarding their cyber readiness. Boards must remain attuned to these legal shifts. As organisations navigate this intricate landscape, it's clear that cybersecurity is not a static concern; it's an ongoing commitment. Directors must remain vigilant, adapting their strategies and policies to proactively address cyber threats.

The Imperative for Action:

The insights gleaned from Vera's expertise culminate in a resounding call to action. Boards can't afford passivity in the face of cyber risks. Ignorance is no longer a permissible excuse; the law mandates proactive measures. Organisations must facilitate cybersecurity education for directors and explore avenues to infuse cyber expertise into boardroom deliberations. Whether through specialised directors, dedicated committees, or external consultants, the objective remains constant: fostering a robust cyber defence strategy aligned with an organisation's ethos, values, legal obligations, and future aspirations.


The confluence of technology and governance propels cybersecurity to the forefront of organisational priorities. Vera Visevic's insights underscore the essential fusion of cybersecurity expertise with boardroom decisions. As cyber threats gain complexity, directors must embrace education, collaboration, and external insights to effectively navigate this evolving landscape. Forward-looking organisations acknowledge that cybersecurity isn't an isolated concern—it's a core facet of resilient governance. By championing cybersecurity proficiency, boards guide their organisations toward a digitally secure future, fortified against the ever-evolving realm of cyber risks.

Cyber Lessons Minimising Risk


Navigating Cybersecurity Risk: Lessons in Governance and Director Responsibility

In the ever-evolving world of business, the looming spectre of cybersecurity risk demands astute attention and strategic management. Vera Visevic, a legal expert, delves into the intricate realm of cybersecurity risk management, illuminating crucial lessons that underscore the importance of regular risk assessments, well-defined response strategies, and the imperative of maintaining a robust framework of governance. As businesses grapple with the complex interplay of technology and risk, Vera's insights offer a compelling perspective on how organisations can effectively traverse the complexities of cybersecurity risk to shield their operations and reputation.



The Inevitability of Cybersecurity Risk:

In today's interconnected world, cybersecurity risk emerges as a formidable and multifaceted concern that permeates nearly every facet of business operations. Vera astutely points out that the objective isn't to eliminate cybersecurity risk entirely—an often unattainable feat. Instead, the emphasis rests on significantly reducing risk through the implementation of robust cybersecurity documentation and controls. While complete eradication remains elusive, the quest to curtail risk to an acceptable level serves as a pivotal aspect of diligent risk management.

Lessons from Cyber Risk Assessments:

The notion of performing a single cyber risk assessment and considering the task complete is a fallacy that organisations must disavow. Vera emphasises the significance of conducting regular cyber risk assessments, recognising that the cyber threat landscape is dynamic and ever-evolving. By embracing a continuous approach to risk assessment, organisations remain attuned to emerging threats and vulnerabilities, enabling timely adaptations to cybersecurity strategies and controls. Such an approach acts as a proactive bulwark against potential breaches and their subsequent fallout.

Navigating Cyber Events with Preparedness:

Preparedness lies at the heart of an effective response to any cyber event. Vera underlines the importance of having a well-defined response plan in place—a non-negotiable imperative. Cyber events can strike unexpectedly, and without a clearly delineated response strategy, organisations risk contending with chaotic scenarios that exacerbate the impact of the breach. An organised and rehearsed response plan, coupled with transparent communication channels, empowers organisations to rapidly and effectively mitigate the aftermath of cyber incidents, thus minimising potential harm to operations, reputation, and stakeholder confidence.

The Pivotal Role of the Court:

In the unfortunate event that cybersecurity matters culminate in legal proceedings, Vera highlights a critical factor that organisations must recognise—the court's reliance on cyber experts. As the legal landscape intertwines with the intricacies of technology, courts increasingly turn to cyber experts to determine the expected course of action in specific situations. This underscores the gravity of an organisation's duty of care, skill, and diligence in the realm of cybersecurity. The Australian Institute of Company Directors (AICD) director's guide reaffirms that lacking specialist knowledge in ICT and cybersecurity doesn't exempt directors from the responsibility of ensuring effective governance in these domains.

Upholding Governance in Cybersecurity:

Vera's insights reinforce the idea that cybersecurity governance isn't an isolated domain reserved exclusively for experts. Each director carries the weight of ensuring that appropriate governance mechanisms are in place to safeguard the organisation's digital landscape. The AICD director's guide serves as a compass, illuminating the fact that directors have a duty to oversee cybersecurity governance, even if they lack specialised expertise in the field.

In Conclusion: Navigating the Intersection of Risk and Governance

Vera Visevic's discourse illuminates the intricate juncture of cybersecurity risk and governance, elucidating the lessons drawn from her legal expertise. From the inevitability of cyber risk to the significance of recurring risk assessments, from the importance of readiness in responding to cyber events to the court's reliance on cyber experts, her insights chart a trajectory for organisations to skilfully navigate the intricate waters of cybersecurity risk. As technology continues to reshape the business landscape, the responsibility of directors to uphold cybersecurity governance remains steadfast, paving the way for a resilient and secure future in the digital era.

Cyber Risk - Are Directors Personally Liable


Navigating Director Liability in the Digital Age: Cybersecurity Responsibilities Unveiled

In the modern era of technology, the role of directors has undergone a profound transformation, accompanied by a slew of new responsibilities. This paradigm shift is particularly evident in the realm of cybersecurity. As organisations across diverse sectors embrace digital transformation, questions about the extent of directors' liability in safeguarding their entities against cyber threats have gained prominence. In this article, we delve into a compelling discussion between Wes Ward and Vera Visevic from Mills Oakley, shedding light on the evolving landscape of director liability and the intricate legal implications surrounding cybersecurity.



New Horizons, Fresh Responsibilities:

The infusion of technology into various facets of business and society has heralded exciting new possibilities. Yet, hand in hand with these opportunities come novel obligations that directors must grapple with. Vera Visevic underscores the pivotal notion that, alongside technological strides, directors are entrusted with an elevated duty to shield their organisations against the ever-evolving menace of cyber threats.

Amplified Director's Duties:

In the arena of directorial obligations, a core set of five or six responsibilities has long held sway. These encompass facets such as acting in the organisation's best interests, adroitly navigating conflicts of interest, and exemplifying vigilance, competence, and diligence. However, Vera cogently elucidates that the duty of care and diligence is now expanding its domain to encompass the intricate terrain of cybersecurity. In a landscape where business operations are inextricably entwined with digital dimensions, directors are expected to exercise judicious care and diligence in shielding their organisation's digital assets from the multifaceted spectrum of cyber risks.

The Unveiling of Cyber Resilience:

The concept of cyber resilience has surged to the forefront in recent times. It encapsulates the need for organisations to foster a culture that is astutely primed to withstand and rebound from cyber incidents. Vera emphasises that cyber resilience isn't just a cultural prerogative; it constitutes a bona fide legal duty for directors. They are not merely anticipated to incorporate cybersecurity practices within the organisational fabric but are mandated to do so. Cyber resilience is more than a catchphrase—it's a tangible commitment to shoring up defenses against the digital onslaught.

Decoding Personal Liability:

The notion of director liability in the context of cybersecurity isn't a mere abstraction—it's a palpable concern. Should a director falter in fulfilling their duty of care and diligence in safeguarding against cyber threats, they may find themselves confronting personal liability. In essence, if a cyber incident materialises due to a director's neglect to exercise prudent care in cybersecurity matters, they could be ensnared in a web of legal ramifications. It's a stark reminder that the evolving nature of cyber threats demands an equally dynamic approach to directorial responsibilities.

The Australian Institute of Company Directors (AICD) Standpoint:

The Australian Institute of Company Directors (AICD) has long stood as a vanguard in guiding directors through their multifaceted responsibilities. Vera astutely highlights that as far back as 2016, the AICD recognised the burgeoning significance of cybersecurity in the directorial realm. Their stance reverberates: cyber resilience isn't just an optional pursuit—it's a cultural bedrock. Moreover, the duty of care and diligence isn't confined to conventional realms; it has now expanded its embrace to encompass the rapidly evolving landscape of cybersecurity.

In Conclusion:

As technology inexorably weaves its tapestry into the fabric of modern business, directors grapple with a shifting panorama of responsibilities. No longer is directorial accountability circumscribed to traditional domains; it's expansively intertwined with cybersecurity preparedness. With the duty of care and diligence undergoing a metamorphosis to encompass cybersecurity, directors are impelled to proactively engage with and address the multifarious visage of cyber risks. In essence, embracing cybersecurity as an integral facet of directorial responsibilities heralds the cultivation of resilient organisations, poised to navigate the digital epoch with sagacity and poise.

What To Do When You Have A Cyber Attack


The Intricacies of Cyber Incidents: Navigating Challenges

In the ever-evolving landscape of cybersecurity, the emergence of cyber incidents poses a critical threat to businesses of all sizes. In this article, we delve into the insights shared by cybersecurity experts David Rudduck and Wes Ward, shedding light on the intricacies of cyber incidents and the challenges they bring to the forefront.


Understanding the Evolution of Cyber Incidents:

David Rudduck provides an illuminating perspective on how cyber incidents often unfold. He highlights that these incidents often start as seemingly minor computer problems, where employees encounter difficulties accessing data or systems. These initial signs prompt users to seek help from the IT help desk, which becomes the moment of revelation when the true nature of the incident comes to light.

For many businesses, this revelation is a wake-up call. In an ideal scenario, the business engages its insurance broker, who initiates the claims process with the cyber insurer. The insurer then assembles an incident response team to address the situation. However, the subsequent trajectory of the incident response varies based on the effectiveness of collaboration and the preparedness of the organisation.

Challenges in Managing Cyber Incidents:

David Rudduck and Wes Ward elaborate on the hurdles faced while managing cyber incidents:

Lack of Comprehensive IT System Inventory:

A pivotal challenge arises when incident response teams seek a comprehensive inventory of an organisation's IT systems. This inventory includes servers, databases, and other critical components. Frequently, businesses struggle to provide this detailed overview, resulting in delays in the incident response process. In unfortunate cases, the asset list itself may have been encrypted in the attack, rendering it inaccessible and hindering the response team's efforts.

Inadequate Logging and Data Records:

The significance of logging data, which records every activity within an IT environment, becomes apparent during incident response. However, it's not uncommon for businesses to lack properly configured or comprehensive logging practices. Default logging settings might not suffice, making it challenging for the response team to gain insights into the incident timeline and the actions of threat actors.

Compromised Investigation Scene:

One of the most unfortunate aspects encountered after a cyber attack is the potential tampering of evidence by the organisation's internal IT team. While conducting their investigations, the IT team might unintentionally alter or damage data that would have been crucial in reconstructing the actions of threat actors. This unintentional interference complicates the incident response process and impedes the creation of a comprehensive picture.

The Unfavourable Outcome:

As a result of these challenges, businesses often find themselves in an undesirable position. The lack of forensically relevant data hampers the ability to definitively disprove unauthorised access or data exfiltration. The absence of concrete evidence may require notifying stakeholders due to potential uncertainty. Moreover, threat actors may exploit the situation by employing the tactic of double extortion, claiming to have exfiltrated sensitive data and threatening its public disclosure.


The insights shared by cybersecurity experts underscore the complex nature of managing cyber incidents. Businesses must be prepared to address challenges related to IT system documentation, data logging, and maintaining the integrity of the investigation scene. Through proactive measures such as robust asset inventories, comprehensive logging practices, and adherence to incident response protocols, organisations can enhance their ability to mitigate the impact of cyber incidents. By doing so, businesses can reduce the risk of falling victim to the intricate web of cyber threats and better safeguard their digital assets.

Climate Change Risks to Boards


Climate Change Risk Management: A Governance Imperative for Boards

In the ever-evolving landscape of business and governance, climate change has emerged as a critical consideration for directors, chairs, and executives. Today, we address the implications of climate change for strategic plans, emphasising the role of boards in managing associated risks and fostering sustainability. This article explores the intersection of climate change and governance, focusing on the not-for-profit sector's unique challenges.


Climate Change and Strategic Planning: A Governance Perspective

Strategic planning is the cornerstone of organisational success, guided by a board's governance perspective. As custodians of an organisation's well-being, boards must identify risks that could disrupt strategic plans and hinder progress. Climate change, a contemporary risk, demands special attention due to its potential to impact traditional governance risks.

Sector-Specific Climate Risk: Navigating the Landscape

In the realm of not-for-profit organisations, climate change poses distinctive challenges. Let's delve into one of these risks, the governance risk, and understand its dynamics. By dissecting the current situation, projected outcomes, and traditional governance risks, boards can integrate climate change into their risk matrix effectively. Moreover, the ongoing energy transition introduces added complexity, including rising energy costs affecting diverse sectors, from healthcare to aged care.

The Financial Toll of Climate Change: A Board's Responsibility

For boards, climate change extends beyond environmental concerns; it encompasses financial implications. As Fi Mercer aptly highlights, the rising costs of power and essential resources warrant vigilant attention. Beyond community impact, these financial challenges resonate with providers and organisations alike. Boards must recalibrate their risk hierarchy, elevating the cost factor to mitigate its potential impact.

Transitioning to Renewable Energy: A Complex Landscape

The transition to renewable energy, although imperative for addressing climate change, is far from straightforward. Neil Plummer addresses the practicalities of this shift and the associated challenges. While governments set emission reduction targets, the journey to a cleaner energy landscape is riddled with bumps and uncertainties. However, the commitment of governments, coupled with incentives, offers businesses and not-for-profits opportunities to embrace cleaner energy solutions.

Aligning Governance with Climate Action: A Multifaceted Approach

Integrating climate change risk management into governance requires multifaceted strategies:

  • Risk Awareness and Education: Directors must educate themselves about climate change's implications for their sector, ensuring informed decision-making.
  • Strategic Incorporation: Boards should incorporate climate change risks into strategic planning, aligning them with organisational goals.
  • Scenario Analysis: Engaging in scenario analysis helps boards visualise climate-related risks, enabling proactive responses.
  • Stakeholder Engagement: Engaging stakeholders fosters a comprehensive understanding of expectations and concerns.
  • Transparent Reporting: Transparent reporting of climate change risk exposure builds stakeholder trust and accountability.

A Call to Action for Boards: Navigating Climate Change Risks

In the face of climate change, boards must embrace their role as stewards of their organisations' future. This involves acknowledging the interconnectedness of climate change risks and their potential to amplify traditional challenges. By embedding climate considerations into governance practices, boards not only safeguard organisational sustainability but also contribute to a resilient and responsible future. The nexus of climate change and governance presents an opportunity for boards to lead by example, fostering a positive impact on both their organisations and the broader environment.

Climate Change Risk Multiplier


Unveiling the Climate Change Risk Multiplier: Navigating Impacts on Governance and Boards

As the global climate crisis continues to unfold, the concept of the Climate Change Risk Multiplier emerges as a crucial framework that demands attention, particularly for governance and board members. This multiplier underscores the intricate connections between various climate-related risks, highlighting their potential to amplify each other's impact. In an era where climate change represents one of the most significant challenges, comprehending and integrating the implications of the Climate Change Risk Multiplier is paramount for effective governance.


Exploring the Essence of the Climate Change Risk Multiplier

The Climate Change Risk Multiplier serves as a pivotal tool that illuminates the complex web of climate risks and their synergistic effects. By encompassing a diverse array of factors such as soaring temperatures, evolving precipitation patterns, rising sea levels, and more, this multiplier provides a comprehensive insight into the potential risks that emanate from climate change.

Magnifying the Consequences of Climate Change

As the global thermometer climbs and extreme weather events become increasingly frequent, the scope of climate change's impact extends beyond individual risk categories. The Climate Change Risk Multiplier delves into the confluence of these factors, elucidating how they mutually exacerbate each other's outcomes. For instance, escalating temperatures might lead to prolonged droughts, intensifying water scarcity issues, which, in turn, ripple across sectors such as agriculture, energy supply, and community welfare. The multiplier effect amplifies the disruptions an organisation might face in terms of operations, financial stability, and strategic plans.

Governance Implications: Embracing the Multiplier

For governance entities and boards, embracing the intricacies of the Climate Change Risk Multiplier holds profound implications. It offers insights into the complexities of climate risks and their potential cascading consequences. Failing to incorporate this multiplier's influence into decision-making processes can result in underestimated risks and insufficient preparedness, ultimately jeopardising an organisation's long-term sustainability.

Strategic Integration of the Multiplier

To effectively integrate the Climate Change Risk Multiplier into governance practices, boards should consider the following steps:

  1. Holistic Risk Assessment: Undertake a comprehensive climate risk assessment that accounts for the interconnectedness of various risk factors. This approach ensures that vulnerabilities are not overlooked.
  2. Scenario Analysis: Employ scenario analysis to anticipate the potential outcomes of diverse climate risk combinations. Informed decision-making should encompass the entire spectrum of potential impacts.
  3. Adaptive Strategies: Devise adaptive strategies that consider the multiplier's effects. These strategies should be flexible enough to respond to evolving risk profiles as climate conditions change.
  4. Stakeholder Engagement: Engage stakeholders to gain a deeper understanding of the multi-dimensional impacts of climate risks. Collaborative efforts can provide valuable insights and bolster the credibility of risk management endeavours.

Fostering Collaborative Governance

Appreciating and addressing the Climate Change Risk Multiplier necessitates collaborative governance. Boards and management teams must collaborate to ensure that the organisation is well-prepared to navigate the intricate landscape of climate risks. By proactively collaborating, strategies can be robust, adaptable, and aligned with the organisation's core mission and values.


The Climate Change Risk Multiplier serves as an imperative reminder for boards and governance bodies to adopt a comprehensive and integrated approach to climate risk management. As climate risks become increasingly complex and intertwined, understanding how various risk factors amplify each other's impacts is essential for making informed decisions that safeguard an organisation's operations, reputation, and long-term viability. In a world grappling with the consequences of climate change, embracing the multiplier concept is not merely a strategic choice—it's a vital step toward building a resilient and sustainable future.

Cyber Attack Planning Workflows & Timelines


Navigating Cyber Incidents: Strategies for Directors and Timely Response

In the interconnected digital realm, cyber incidents have become an unavoidable challenge faced by businesses of all scales and sectors. In this article, we explore the insights shared by David Rudduck on effectively managing cyber threats. From containment and eradication to business resumption, forensics analysis, legal considerations, and customer notification, we delve into the crucial phases of handling cyber incidents. Additionally, we'll address the importance of involving boards, directors, and planning timelines in a comprehensive cyber incident response strategy.


Containment and Eradication: Halting the Cyber Attack

When a cyber attack surfaces, the initial step is containment and eradication. This process mirrors halting bleeding in a medical emergency, where businesses must swiftly arrest the threat's progression and eliminate the attacker's presence from the environment. Successful containment and eradication prevent further damage, safeguard data, and minimise the attack's impact.

Business Resumption: Swift Recovery Strategies

Following containment and eradication, the focus transitions to business resumption. Critical systems take precedence during this phase, as they're essential for restoring operations. Efficiently prioritising systems ensures that businesses achieve partial operational status, minimising the economic repercussions of downtime.

Concurrent Steps: Forensics and Root Cause Analysis

While containment, eradication, and business resumption proceed, forensics and root cause analysis run concurrently. Forensics scrutinises the threat actor's activities within the environment, particularly significant for sectors handling sensitive data. Healthcare and other industries grappling with personal information must ascertain whether data access triggered regulatory mandates. Legal experts provide valuable guidance in ensuring compliance and tailored regulatory advice.

Balancing Transparency: Effective Customer Notification

Notification poses a formidable challenge post-incident. Many businesses grapple with the intricacies due to inadequate data governance. Under the Privacy Act's requirements and specific data storage obligations, notifying customers about potential breaches becomes complex. Rudduck underscores the importance of informed notifications, offering a comprehensive approach based on meticulous data analysis. Informed notifications empower affected individuals to take prudent actions.

The Role of Legal Consultation: Navigating Complexities

Legal guidance is instrumental in navigating post-incident challenges, particularly in the realms of notification and regulatory compliance. Enlisting legal partners well-versed in cyber incidents and regulations ensures proper communication, mitigating reputational damage and legal ramifications. Experienced legal teams can provide insights into crafting effective communications that resonate with stakeholders and the media.

Managing Expectations: Timely Communication and Planning Timelines

A successful incident response entails aligning stakeholder expectations, including boards and customers, with realistic planning timelines. Effective communication strikes a balance between the urgency of updates and the time needed for thorough analysis and remediation. Transparent communication fosters trust while maintaining accurate reporting.

Involving Boards and Directors: A Comprehensive Approach

Cyber incidents underscore the crucial role of boards and directors. Their strategic oversight is pivotal in crafting and implementing robust incident response strategies. Empowered directors with a nuanced understanding of cyber threats contribute to better decision-making during incidents.


As the threat landscape continues to evolve, businesses must prioritise cyber incident preparedness. An adept incident response strategy, encompassing containment, eradication, business resumption, forensics analysis, legal considerations, and transparent customer notification, is essential for minimising damage and protecting both operations and reputation. Furthermore, involving boards, directors, and planning timelines elevates the overall cyber resilience of an organisation.

Climate Risks - Bushfire Index


Understanding the Bushfire Index: Implications for Governance and Boards

The bushfire index serves as a critical metric in assessing fire dangers intensified by climate change, casting a significant shadow over Australia's vulnerability to bushfires. This article delves into the essence of the bushfire index, the emerging trends it reveals, and the consequential governance and board considerations. 


Decoding the Bushfire Index

At its core, the bushfire index acts as a diagnostic tool that quantifies the severity of fire weather conditions. This index dissects an array of factors, encompassing temperature, rainfall, and forest fuel levels, to assess the intensity of fire risks. Notably, the focus rests on extreme fire weather days, marking the upper percentile of these hazardous conditions. Given Australia's unique landscape, the bushfire index plays a pivotal role in gauging and communicating these potential threats.

Historical Trends and Climate Consequences

The historical data, dating back to as early as the 1950s, mirrors a disconcerting ascent in perilous fire weather days across Australia. Even when the timeline is extended back to the inception of the 1900s, the overarching trend remains steadfast. Elevated temperatures and diminishing rainfall collectively propel this pattern, ushering in extended phases of dry weather. This cyclical effect translates into an augmented frequency and magnitude of bushfires, imperilling communities, ecosystems, and the nation's economic landscape.

Climate Projections and Unveiled Risks

As predicted temperatures persistently escalate and established rainfall patterns morph, conditions conducive to bushfires gain a stronger foothold. This trajectory underscores the urgency for robust mitigation and preparedness strategies to address the amplified risks.

The Nexus of Governance and Bushfire Index

Amidst these evolving trends, the connection between the bushfire index and governance looms large. It entails far-reaching implications for governance and boards, especially in sectors susceptible to fire vulnerabilities. Here's an exploration of how the bushfire index influences governance:

  1. Redefining Risk Management: The escalating bushfire risks demand an elevated risk management approach. Boards must oversee thorough fire risk assessments, employing data from the bushfire index to evaluate potential consequences on assets, operations, supply chains, and workforce safety.
  2. Envisioning Scenarios: Boards must engage in comprehensive scenario planning, assessing the potential outcomes of various fire risk scenarios. By integrating data from the bushfire index, boards gain the insights necessary to safeguard organisational resilience.
  3. Fortifying Resilience: Organisations must cultivate resilience against escalating fire threats. Boards can encourage the development of fire-ready practices, including training, evacuation protocols, and collaboration with local emergency services.
  4. Transparency and Disclosure: Transparency remains paramount. Boards should ensure accurate fire risk information reaches stakeholders, enabling well-informed decision-making by investors, customers, and the broader community.
  5. Integrating Climate Resilience: Embedding bushfire index data into broader climate risk assessments is essential. Boards should acknowledge the interconnectedness of fire risks with other climate-driven challenges, such as heatwaves and extreme weather events.
  6. Community Engagement: Organisations often play a pivotal role in their communities during fire emergencies. Boards must consider how to effectively engage with stakeholders, provide assistance, and bolster community resilience.

In Conclusion

The bushfire index stands as a stark reminder of Australia's escalating vulnerability to bushfires, fuelled by climate change. As the index data underscores the urgency for climate adaptation and mitigation strategies, governance and boards hold a pivotal role in addressing these escalating risks. By effectively integrating the implications of the bushfire index into their decision-making processes, boards can navigate the evolving landscape and foster resilience against the growing bushfire threat.
