GovernWith Blog

GovernWith blog for Boards, Directors and Executives who want to develop their governance capabilities, achieve their strategic goals and mitigate risk.

Cyber Response Planning for the Board of Directors

Cyber Response Planning for the Board of Directors

Empowering Boards for Cyber Resilience: Navigating Director Responsibilities

In today's digital age, cybersecurity stands as a formidable challenge for organisations across sectors. The dynamic landscape necessitates boards and directors to evolve their approach, effectively countering the escalating threat of cyber attacks. In this article, we delve into a profound conversation with Vera Visevic, shedding light on the critical imperative for directors to grasp cybersecurity nuances, harness relevant expertise, and fulfil their duties within an ever-changing legal and technological framework.

Cyber Response Planning for the Board of Directors Snippet

 

Equipping Directors with Cyber Insight:

Vera Visevic highlights a foundational requirement – directors must acquire a comprehensive comprehension of cybersecurity. This understanding extends beyond the surface, given the far-reaching impact of cyber risks. To empower directors, tailored training in cybersecurity takes precedence. A well-informed board can cultivate a culture of cyber awareness and align their governance practices with the intricacies of the digital realm.

Leveraging Expert Proficiency:

The surge in cyber threats necessitates expertise that might be lacking within boards. Vera emphasises the value of enlisting directors who possess a background in cybersecurity. These individuals offer insights bridging the gap between boardroom discussions and the complex realm of cyber threats. However, given the scarcity of such experts, alternative avenues emerge. Establishing a dedicated subcommittee focused on cybersecurity empowers organisations to tap into external specialists. This collective knowledge reinforces a proactive stance in mitigating cyber risks.

Exploring External Collaborations:

In instances where internal expertise is limited, external collaborations become pivotal. Vera recommends that organisations allocate resources for engaging external cybersecurity specialists. These professionals provide an objective, well-informed perspective that enhances decision-making. The investment in external advice not only bolsters cybersecurity strategies but also signifies a commitment to due diligence within a transforming legal landscape.

Legal Ramifications and Continual Obligations:

Vera Visevic illuminates the evolving legal dimensions surrounding cybersecurity. As laws progress, directors find themselves under heightened scrutiny regarding their cyber readiness. Boards must remain attuned to these legal shifts. As organisations navigate this intricate landscape, it's clear that cybersecurity is not a static concern; it's an ongoing commitment. Directors must remain vigilant, adapting their strategies and policies to proactively address cyber threats.

The Imperative for Action:

The insights gleaned from Vera's expertise culminate in a resounding call to action. Boards can't afford passivity in the face of cyber risks. Ignorance is no longer a permissible excuse; the law mandates proactive measures. Organisations must facilitate cybersecurity education for directors and explore avenues to infuse cyber expertise into boardroom deliberations. Whether through specialised directors, dedicated committees, or external consultants, the objective remains constant: fostering a robust cyber defence strategy aligned with an organisation's ethos, values, legal obligations, and future aspirations.

Conclusion:

The confluence of technology and governance propels cybersecurity to the forefront of organisational priorities. Vera Visevic's insights underscore the essential fusion of cybersecurity expertise with boardroom decisions. As cyber threats gain complexity, directors must embrace education, collaboration, and external insights to effectively navigate this evolving landscape. Forward-looking organisations acknowledge that cybersecurity isn't an isolated concern—it's a core facet of resilient governance. By championing cybersecurity proficiency, boards guide their organisations toward a digitally secure future, fortified against the ever-evolving realm of cyber risks.

Read More
Director Mentorship

Director Mentorship

Nurturing Directors: The Vital Role of Mentorship in the Director Lifecycle

In the intricate world of corporate governance, a director's journey is marked by continuous learning and adaptability. Directors bear the weighty responsibility of steering an organisation's strategic course, navigating through shifting industry dynamics, managing risks, and contributing their distinct insights to board deliberations. Given this multifaceted role, mentorship emerges as an indispensable facet of a director's lifecycle.

In a candid conversation, Fi Mercer and Megan Motto delve into the significance of mentorship in a director's journey. They shed light on how experienced directors and executives play a pivotal role in guiding and nurturing the next generation of board members, ensuring a seamless transition and sustained growth.

Director Mentorship Snippet

 

The Crucial Link: Mentorship in Director Lifecycle

Fi Mercer initiates the discussion by underscoring the pivotal role of mentorship in a director's lifecycle. She acknowledges the duty of seasoned directors and executives to extend a guiding hand to novices, facilitating their smooth entry into the world of governance.

Megan Motto concurs wholeheartedly, emphasising that mentorship is an integral component of being a director. She stresses that mentorship can manifest within or outside an organisation. Be it an informal tête-à-tête before a board meeting or a structured mentoring program, the objective remains the same: to offer support and validation to emerging directors.

Empowering Confidence and Fostering Inclusivity

Mentorship transcends the mere imparting of guidance; it revolves around cultivating confidence in new directors. Megan Motto elucidates that while emerging directors may possess brilliant ideas, they often require affirmation to feel self-assured about voicing their viewpoints. A mentor assumes a pivotal role in assuring them of the value of their insights.

Furthermore, mentorship contributes to a sense of inclusivity and belonging. Just as employees flourish when they forge close bonds with colleagues at work, directors thrive when they know they have allies around the boardroom table. In this context, inclusivity signifies not only making emerging directors feel welcome but also motivating them to engage actively.

Harnessing Fresh Perspectives: The Power of Emerging Directors

Megan Motto underscores the significance of new directors and their innovative ideas. Unencumbered by the baggage of history, these individuals bring fresh and novel perspectives to the boardroom. To harness this potential, mentorship emerges as a critical tool in aiding these emerging leaders in finding their voices.

Diversity and inclusion are not mere buzzwords; they are foundational to an organisation's success. New directors, with their diverse backgrounds and experiences, serve as a valuable wellspring of diversity. Ensuring they feel self-assured and adequately equipped to contribute is essential for achieving genuine inclusivity.

In Closing: The Mentorship Imperative

Within the sphere of corporate governance, mentorship acts as a bridge, linking seasoned directors with those embarking on their governance odyssey. It serves as a conduit for the transfer of knowledge, the nurturing of self-assurance, and the cultivation of innovative perspectives.

Aspiring directors should actively seek mentorship opportunities, while experienced directors should contemplate taking on mentorship roles. Through mentorship, we can foster a more inclusive and dynamic boardroom culture where every director is empowered to actively participate.

In the ever-evolving landscape of governance, mentorship is not merely a choice; it is an ethical obligation—one that possesses the potential to shape the future of corporate leadership.

The symphony of governance resonates more harmoniously when we embrace the transformative power of mentorship.

Read More
Director Mentorship Inside and Outside the Organisation

Director Mentorship Inside and Outside the Organisation

Enhancing Director Development: Balancing Internal and External Mentorship

In the realm of corporate governance, mentorship stands as a cornerstone for nurturing directors throughout their career lifecycles. Whether they are aspiring or seasoned directors, mentorship offers invaluable guidance, wisdom, and support. However, the effectiveness of mentorship is not solely the responsibility of the mentor; it equally depends on the active participation and initiative of the mentee.

Director Mentorship Inside and Outside the Organisation Snippet

 

The Mentee's Active Role

Megan Motto, an accomplished expert in director development, emphasises the collaborative nature of mentorship. She underscores that the impetus for mentorship should be shared between the mentor and the mentee. According to her, mentees should actively seek out mentorship opportunities and demonstrate commitment to their own growth and advancement. This proactive approach ensures that mentees are genuinely dedicated to their personal and professional development.

Mentorship is not a one-sided endeavour where mentors shoulder all the responsibilities. Megan encourages mentees to take the reins and proactively steer their mentorship journey. She highlights the significance of mentees taking charge and actively owning their development. This approach is rooted in the belief that individuals who actively drive their growth are more likely to excel in their directorial careers.

Choosing Between Internal and External Mentors

During her conversation with Fi Mercer, Megan delves into an intriguing aspect of mentorship: the choice between internal and external mentors. While internal mentors offer valuable insights into an organisation's specific dynamics, external mentors bring an entirely fresh perspective to the mentoring relationship.

The Role of Internal Mentors

Megan advocates for a balanced approach, underscoring the importance of having both internal and external mentors. Internal mentors, often senior executives or experienced directors within the same organisation, can provide mentees with insights into the company's culture, operations, and strategic objectives. These mentors offer tailored guidance that aligns with the mentee's current professional context.

The Value of External Mentors

On the other hand, external mentors, who have no direct affiliations with the organisation, bring a broader, impartial perspective. They can introduce mentees to innovative ideas, alternative viewpoints, and strategies that may not have surfaced in internal discussions. Their independence enables them to see beyond the constraints of corporate culture and hierarchy.

The value of external mentors lies in their ability to infuse "blue-sky" thinking into the mentorship equation. They bring a fresh, unburdened viewpoint that can prove invaluable when addressing complex challenges or envisioning the organisation's future. They are unencumbered by historical narratives or preconceived notions that may permeate internal discussions.

Conclusion

In summary, mentorship unfolds as a collaborative endeavour in the director development journey. Megan Motto's insights remind us that mentees bear a pivotal role in steering their growth and development. Their active engagement and unwavering commitment are fundamental to a fruitful mentorship experience.

Moreover, the choice between internal and external mentors introduces depth to the dynamics of mentorship. Both categories of mentors offer distinct perspectives and advantages. Embracing the dual mentorship approach, encompassing both internal and external mentorship, can empower directors to navigate the intricate terrain of governance with confidence and innovation.

Read More
Cyber Lessons Minimising Risk

Cyber Lessons Minimising Risk

Navigating Cybersecurity Risk: Lessons in Governance and Director Responsibility

In the ever-evolving world of business, the looming spectre of cybersecurity risk demands astute attention and strategic management. Vera Visevic, a legal expert, delves into the intricate realm of cybersecurity risk management, illuminating crucial lessons that underscore the importance of regular risk assessments, well-defined response strategies, and the imperative of maintaining a robust framework of governance. As businesses grapple with the complex interplay of technology and risk, Vera's insights offer a compelling perspective on how organisations can effectively traverse the complexities of cybersecurity risk to shield their operations and reputation.

Cyber Lessons Snippet

 

The Inevitability of Cybersecurity Risk:

In today's interconnected world, cybersecurity risk emerges as a formidable and multifaceted concern that permeates nearly every facet of business operations. Vera astutely points out that the objective isn't to eliminate cybersecurity risk entirely—an often unattainable feat. Instead, the emphasis rests on significantly reducing risk through the implementation of robust cybersecurity documentation and controls. While complete eradication remains elusive, the quest to curtail risk to an acceptable level serves as a pivotal aspect of diligent risk management.

Lessons from Cyber Risk Assessments:

The notion of performing a single cyber risk assessment and considering the task complete is a fallacy that organisations must disavow. Vera emphasises the significance of conducting regular cyber risk assessments, recognising that the cyber threat landscape is dynamic and ever-evolving. By embracing a continuous approach to risk assessment, organisations remain attuned to emerging threats and vulnerabilities, enabling timely adaptations to cybersecurity strategies and controls. Such an approach acts as a proactive bulwark against potential breaches and their subsequent fallout.

Navigating Cyber Events with Preparedness:

Preparedness lies at the heart of an effective response to any cyber event. Vera underlines the importance of having a well-defined response plan in place—a non-negotiable imperative. Cyber events can strike unexpectedly, and without a clearly delineated response strategy, organisations risk contending with chaotic scenarios that exacerbate the impact of the breach. An organised and rehearsed response plan, coupled with transparent communication channels, empowers organisations to rapidly and effectively mitigate the aftermath of cyber incidents, thus minimising potential harm to operations, reputation, and stakeholder confidence.

The Pivotal Role of the Court:

In the unfortunate event that cybersecurity matters culminate in legal proceedings, Vera highlights a critical factor that organisations must recognise—the court's reliance on cyber experts. As the legal landscape intertwines with the intricacies of technology, courts increasingly turn to cyber experts to determine the expected course of action in specific situations. This underscores the gravity of an organisation's duty of care, skill, and diligence in the realm of cybersecurity. The Australian Institute of Company Directors (AICD) director's guide reaffirms that lacking specialist knowledge in ICT and cybersecurity doesn't exempt directors from the responsibility of ensuring effective governance in these domains.

Upholding Governance in Cybersecurity:

Vera's insights reinforce the idea that cybersecurity governance isn't an isolated domain reserved exclusively for experts. Each director carries the weight of ensuring that appropriate governance mechanisms are in place to safeguard the organisation's digital landscape. The AICD director's guide serves as a compass, illuminating the fact that directors have a duty to oversee cybersecurity governance, even if they lack specialised expertise in the field.

In Conclusion: Navigating the Intersection of Risk and Governance

Vera Visevic's discourse illuminates the intricate juncture of cybersecurity risk and governance, elucidating the lessons drawn from her legal expertise. From the inevitability of cyber risk to the significance of recurring risk assessments, from the importance of readiness in responding to cyber events to the court's reliance on cyber experts, her insights chart a trajectory for organisations to skilfully navigate the intricate waters of cybersecurity risk. As technology continues to reshape the business landscape, the responsibility of directors to uphold cybersecurity governance remains steadfast, paving the way for a resilient and secure future in the digital era.

Read More
Director Retirement

Director Retirement

Navigating Director Retirement within the Director Lifecycle: A Guide to Strategic Planning

Within the intricate tapestry of a director's journey, from recruitment to retirement, there exists a crucial phase that demands meticulous planning—director retirement. In this article, we will explore the critical aspects of director retirement, focusing on the concept of "overboarding" and its implications. Additionally, we will incorporate LSI keywords related to directorship, governance, and the director lifecycle to provide a comprehensive understanding of this pivotal phase.

Director Retirement Snippet

 

Understanding Overboarding: A Governance Challenge

Overboarding, a term synonymous with the director lifecycle, refers to the practice of serving on an excessive number of boards, which can compromise a director's ability to fulfil their duties effectively. Megan Motto aptly underscores that being a director is far from a retirement job; it requires unwavering commitment, time, and an acute sense of responsibility. Retirement should ideally involve leisurely pursuits, yet the role of a director demands a starkly contrasting dedication—hard work.

Balancing Director Commitment and Retirement Planning

The confluence of director retirement planning and overboarding is a topic of paramount importance. Directors must assess their capacity to contribute meaningfully and weigh it against the allure of taking up additional roles. If the pursuit of additional roles begins to dilute one's commitment, it becomes evident that retiring from a board prematurely is the prudent course of action.

Recognising the Right Time to Retire

The decision to retire from a board hinges on the director's ability to recognise the right time. This necessitates a deep introspection into one's energy levels, attention span, and available time. If these vital resources are stretched thin to the point where a director cannot provide a comprehensive contribution to a board, it serves as a clear signal that retirement is in order.

The Vital Role of Open Conversations

Sometimes, the recognition of the need for retirement is a decision that directors cannot make in isolation. It often requires candid and transparent conversations, both within the board and between the director and the chairperson. The chairperson, often at the forefront of such discussions, must navigate this dialogue with a blend of sensitivity and firmness.

A Broader Dialogue in Australia: Director Lifecycle and Governance

Megan Motto's insightful perspectives catalyse a broader dialogue within Australia's governance landscape, encompassing the entire director lifecycle. This discussion spans the role of a director, the magnitude of responsibilities entailed, and the intricacies of director remuneration. Furthermore, it addresses the fundamental question of how many boards a director can reasonably serve on while maintaining effectiveness.

Conclusion

In summation, the director retirement phase within the director lifecycle is far from a passive stage; it demands meticulous planning and strategic foresight. Overboarding, a central theme in this context, underscores the need for directors to maintain an unwavering commitment to their roles. Directors must recognise when their capacity wanes and take the necessary steps to retire from a board if it compromises their effectiveness. Open dialogues and a more expansive discourse on directorship in Australia are indispensable to ensure that directors continue to serve with utmost dedication and responsibility throughout their director lifecycle. Director retirement should not be viewed as an endpoint but rather as a strategic manoeuvre to uphold the highest standards in today's multifaceted corporate governance landscape.

Read More
Cyber Risk - Are Directors Personably Liable

Cyber Risk - Are Directors Personably Liable

Navigating Director Liability in the Digital Age: Cybersecurity Responsibilities Unveiled

In the modern era of technology, the role of directors has undergone a profound transformation, accompanied by a slew of new responsibilities. This paradigm shift is particularly evident in the realm of cybersecurity. As organisations across diverse sectors embrace digital transformation, questions about the extent of directors' liability in safeguarding their entities against cyber threats have gained prominence. In this article, we delve into a compelling discussion between Wes Ward and Vera Visevic from Mills Oakley, shedding light on the evolving landscape of director liability and the intricate legal implications surrounding cybersecurity.

Are Directors Personably Liable Snippet

 

New Horizons, Fresh Responsibilities:

The infusion of technology into various facets of business and society has heralded exciting new possibilities. Yet, hand in hand with these opportunities come novel obligations that directors must grapple with. Vera Visevic underscores the pivotal notion that, alongside technological strides, directors are entrusted with an elevated duty to shield their organisations against the ever-evolving menace of cyber threats.

Amplified Director's Duties:

In the arena of directorial obligations, a core set of five or six responsibilities have long held sway. These encompass facets such as acting in the organisation's best interests, adroitly navigating conflicts of interest, and exemplifying vigilance, competence, and diligence. However, Vera cogently elucidates that the duty of care and diligence is now expanding its domain to encompass the intricate terrain of cybersecurity. In a landscape where business operations are inextricably entwined with digital dimensions, directors are expected to exercise judicious care and diligence in shielding their organisation's digital assets from the multifaceted spectrum of cyber risks.

The Unveiling of Cyber Resilience:

The concept of cyber resilience has surged to the forefront in recent times. It encapsulates the need for organisations to foster a culture that is astutely primed to withstand and rebound from cyber incidents. Vera emphasises that cyber resilience isn't just a cultural prerogative; it constitutes a bona fide legal duty for directors. They are not merely anticipated to incorporate cybersecurity practices within the organisational fabric but are mandated to do so. Cyber resilience is more than a catchphrase—it's a tangible commitment to shoring up defenses against the digital onslaught.

Decoding Personal Liability:

The notion of director liability in the context of cybersecurity isn't a mere abstraction—it's a palpable concern. Should a director falter in fulfilling their duty of care and diligence in safeguarding against cyber threats, they may find themselves confronting personal liability. In essence, if a cyber incident materialises due to a director's neglect to exercise prudent care in cybersecurity matters, they could be ensnared in a web of legal ramifications. It's a stark reminder that the evolving nature of cyber threats demands an equally dynamic approach to directorial responsibilities.

The Australian Institute of Company Directors (AICD) Standpoint:

The Australian Institute of Company Directors (AICD) has long stood as a vanguard in guiding directors through their multifaceted responsibilities. Vera astutely highlights that as far back as 2016, the AICD recognised the burgeoning significance of cybersecurity in the directorial realm. Their stance reverberates: cyber resilience isn't just an optional pursuit—it's a cultural bedrock. Moreover, the duty of care and diligence isn't confined to conventional realms; it has now expanded its embrace to encompass the rapidly evolving landscape of cybersecurity.

In Conclusion:

As technology inexorably weaves its tapestry into the fabric of modern business, directors grapple with a shifting panorama of responsibilities. No longer is directorial accountability circumscribed to traditional domains; it's expansively intertwined with cybersecurity preparedness. With the duty of care and diligence undergoing a metamorphosis to encompass cybersecurity, directors are impelled to proactively engage with and address the multifarious visage of cyber risks. In essence, embracing cybersecurity as an integral facet of directorial responsibilities heralds the cultivation of resilient organisations, poised to navigate the digital epoch with sagacity and poise.

Read More
Director Retirement - Succession

Director Retirement - Succession

Director Succession Planning: Nurturing Governance Excellence

Director succession planning, often veiled in secrecy, is a vital but under-discussed facet of corporate governance. In this article, we delve into the essential world of director succession and its pivotal role in the director lifecycle, from recruitment to retirement. We'll explore insights from Megan Motto and emphasise the importance of structured, transparent succession processes in the realm of governance.

Director Retirement - Succession Snippet

 

Navigating the Succession Challenge

One of the paramount challenges in the director lifecycle is the perception that succession planning is shrouded in mystery. Fi Mercer aptly characterises it as "secret squirrel business." Here, we explore the insights shared by Megan Motto and underscore the significance of open and well-structured succession planning processes.

Transparency: The Cornerstone of Succession

Transparency within the director lifecycle is indispensable. Megan Motto highlights that even the selection of committee members and chairs can be enigmatic on certain boards. In some instances, it's akin to a "captain's pick," where the chair makes unilateral decisions without engaging the board.

Evolving Governance Sophistication

In response to evolving corporate governance norms, boards are increasingly recognising the need for sophisticated director succession planning. Megan Motto shares her experience on a board that has adopted a comprehensive governance framework for succession planning. This framework includes designated meetings specifically dedicated to succession planning discussions.

The Power of Structured Succession

Megan's example underscores the importance of structured succession planning. Her board schedules a particular meeting on the annual work plan exclusively for succession planning considerations. During this meeting, the board evaluates potential candidates for leadership roles, committee chairs, and other pivotal positions within the organisation.

Delicate Conversations: The Heart of Succession

Succession planning involves delicate and confidential conversations. It demands astute consideration of candidates and their readiness for leadership roles. Megan Motto emphasises the necessity of having individuals who can navigate these discussions with finesse and consideration.

Fostering Fairness and Transparency

Ultimately, the objective of succession planning is to establish a fair and transparent process that instils confidence in board members. When directors perceive the process as equitable, it bolsters trust and cohesiveness within the board.

Harnessing the Scheduling Advantage

A practical insight from Megan is the power of scheduling. By incorporating succession planning discussions into the board's annual work plan, boards can ensure these vital conversations occur regularly. This approach transforms succession planning from a clandestine endeavour into a systematic and transparent process.

Conclusion

In conclusion, director succession planning is a pivotal component of effective corporate governance. It's not solely about individual directors' aspirations but also about the organisation's commitment to nurturing future leaders. Transparency, structured processes, and delicate conversations are integral elements of successful succession planning. By scheduling succession planning discussions and treating them with the same gravity as other governance matters, boards can ensure a fair and transparent process that readies them for the challenges and opportunities ahead in the director lifecycle, from recruitment to retirement.

Read More
Role Of The Director Cyber Security

Role Of The Director Cyber Security

Enhancing Director Preparedness: Addressing the Role of Cybersecurity in Corporate Governance

In the dynamic realm of corporate governance, directors wield significant influence in guiding organisations through multifaceted challenges. With the rise of cyberattacks as a substantial threat, the imperative for directors to grasp their role in risk mitigation has gained prominence. Governance expert Fi Mercer provides illuminating insights into how directors can comprehend the gravity of cybersecurity concerns, evaluate their competencies, and engage in strategies to bridge knowledge gaps.

Role Of The Director Cyber Security Snippet

 

The Crucial Role of Directors in Risk Management

Fi Mercer underscores the fundamental obligation of directors to proactively identify and address risks within their organisations. This responsibility extends beyond the boardroom, necessitating directors' active engagement in recognising and responding to potential threats.

Assessing Directors' Competencies

Central to addressing these challenges is the regular evaluation of directors' skills. Mercer highlights the significance of skills assessments to determine if directors possess the necessary expertise to navigate emerging risks. In cases of skills gaps, a structured plan should be developed to enhance directors' capabilities and empower them to effectively address threats.

Empowering Directors with Cybersecurity Acumen

A pressing concern is the lack of cybersecurity knowledge among directors. Mercer asserts that this knowledge gap is particularly troubling, as it hinders directors from asking pertinent questions and making informed decisions about cybersecurity matters.

Shedding Light on the Cyber Knowledge Gap

Directors' unfamiliarity with cybersecurity intricacies can lead to ineffective discussions and decisions. Mercer stresses that a lack of foundational knowledge prevents directors from posing meaningful inquiries and fully comprehending the cybersecurity landscape.

Empowering Directors for Informed Action

To bridge this gap, Mercer suggests a multi-pronged approach. Directors should actively participate in ongoing educational programs, workshops, and seminars focused on raising cybersecurity awareness. This approach equips directors with essential concepts and terminology crucial for meaningful discussions.

Leveraging Expertise for Informed Dialogue

Collaborating with cybersecurity experts is another strategy Mercer advocates. Engaging with specialists who possess real-time insights into evolving cyber threats empowers directors to contribute effectively during cybersecurity discussions.

Embedding Cybersecurity in Governance Frameworks

To address cybersecurity risks comprehensively, boards should consider integrating cybersecurity as a recurring item on their agendas. By dedicating time to deliberate cybersecurity concerns, boards signal their commitment to proactive risk management. Mercer proposes incorporating cybersecurity as a standing topic within risk committee discussions.

Crafting Specialised Cyber Committees

In scenarios where cybersecurity assumes paramount importance, organisations may establish dedicated cyber committees. These committees facilitate direct interactions between experts and directors, enabling a deeper understanding of threats and potential solutions.

Fostering Curiosity and Inquisitiveness

While directors need not be cybersecurity experts, Mercer underscores the value of cultivating curiosity. Directors are urged to ask probing questions, enabling them to navigate the nuances of the cybersecurity landscape more effectively.

Navigating Director Liability and Legal Considerations

As directors engage in cybersecurity discussions, they should also be mindful of their legal responsibilities and potential liabilities. Understanding the legal implications of cybersecurity decisions is crucial for directors to make informed choices that protect both the organisation and their personal interests.

Conclusion: Equipping Directors for Cyber-Resilient Governance

Fi Mercer's insights emphasise the evolving role of directors in mitigating cyber risks within corporate governance. By embracing continuous learning, collaboration with experts, and integrating cybersecurity into boardroom discussions, directors can bolster their capacity to manage cybersecurity challenges effectively. This proactive approach not only safeguards organisations but also empowers directors to navigate legal considerations and uphold their responsibilities with confidence.

Read More
Top Tips-Director Transition Cycle

Top Tips-Director Transition Cycle

Enhancing Board Performance: Expert Tips for Director Recruitment, Transition, and Induction

In the dynamic landscape of non-profit sectors, particularly in areas like healthcare, aged care, human services, education, and communities, effective governance plays a pivotal role. To delve deeper into the strategies behind cultivating a high-performing board, we turn our attention to the insights shared by Rebecca Murphy from Aon and Fi Mercer from GovernWith's Boardroom Plus platform. As leaders in Board Review and Development, their expertise sheds light on key aspects of director recruitment, transition, and induction.

Top Tips-Director Transition Cycle Snippet

 

Initiate with Strategic Planning and Leverage the Board's Skills Matrix

At the core of steering any organisation towards success lies strategic planning. Rebecca Murphy emphasises the importance of commencing the board's journey with a well-defined planning process. This process serves as the cornerstone for informed decision-making, risk management, and strategic alignment. A crucial tool in this endeavour is the board's skills matrix, a compass guiding the alignment of directors' collective expertise with the organisation's objectives. This invaluable resource shapes the composition of the board, ensuring that its members possess the requisite proficiencies to navigate the multifaceted terrain of non-profit governance.

Investing in Continuous Director Development for Optimal Functionality

Fi Mercer firmly concurs that investing in board development yields transformative outcomes. She accentuates the significance of ongoing investment across various domains, encompassing skill enhancement, risk oversight, and strategic leadership. Mercer's insights underscore that achieving a high-performing board is a continuous pursuit, necessitating unwavering commitment and resources. A boardroom populated by high-functioning directors acts as a potent asset for organisations seeking to adeptly manage risks while steering their strategic trajectory.

Induction: Beyond a Singular Event

Induction emerges as a pivotal milestone for new directors entering the boardroom. Fi Mercer highlights the critical nature of a well-executed induction process. When executed effectively, it lays the groundwork for an engaged and dedicated directorship from the outset. The board's skills matrix once again takes centre stage in crafting impactful induction programs. Fi Mercer advocates for a comprehensive approach, integrating elements discussed by Rebecca Murphy, such as contextual relevance and continual learning. An ongoing theme in induction ensures that directors are not merely equipped with initial insights but are consistently supported as they immerse themselves in the organisation's intricacies.

The Continual Nexus of Planning and Development

Andrew Leahy astutely observes that the journey of cultivating a high-performing board is a continuum defined by perpetual planning and development. Strategic planning establishes the bedrock, while a dynamic skills matrix ensures that the board evolves alongside the organisation's evolving requirements. Amidst this trajectory, the significance of a structured review cycle cannot be understated. It is within this review cycle that boards assess their performance, pinpoint avenues for enhancement, and align strategies with evolving circumstances.

In Conclusion: Navigating the Path to Director Excellence

In the sphere of non-profit governance, excellence is an ongoing voyage rather than an ultimate destination. The insights shared by Rebecca Murphy and Fi Mercer underscore the significance of meticulous planning, continuous development, and thoughtful induction. The cultivation of a high-performing board is not an instantaneous achievement; it materialises through deliberate actions, iterative refinement, and a steadfast commitment to excellence.

As pioneers in Board Review and Development, GovernWith's Boardroom Plus platform encapsulates these principles, nurturing boards capable of adeptly navigating the challenges of tightly regulated non-profit sectors. By prioritising strategic planning, harnessing the potential of the skills matrix, and investing in continual development, organisations can pave the way for a future where their boards not only mitigate risks but also drive transformative impact. The journey towards director excellence is one marked by strategic foresight, continuous growth, and unwavering dedication to the organisation's mission.

Read More
What To Do When You Have A Cyber Attack

What To Do When You Have A Cyber Attack

The Intricacies of Cyber Incidents: Navigating Challenges

In the ever-evolving landscape of cybersecurity, the emergence of cyber incidents poses a critical threat to businesses of all sizes. In this article, we delve into the insights shared by cybersecurity experts David Rudduck and Wes Ward, shedding light on the intricacies of cyber incidents and the challenges they bring to the forefront.

What To Do When You Have A Cyber Attack Snippet

 

Understanding the Evolution of Cyber Incidents:

David Rudduck provides an illuminating perspective on how cyber incidents often unfold. He highlights that these incidents often start as seemingly minor computer problems, where employees encounter difficulties accessing data or systems. These initial signs prompt users to seek help from the IT help desk, which becomes the moment of revelation when the true nature of the incident comes to light.

For many businesses, this revelation is a wake-up call. In an ideal scenario, the business engages its insurance broker, who initiates the claims process with the cyber insurer. The insurer then assembles an incident response team to address the situation. However, the subsequent trajectory of the incident response varies based on the effectiveness of collaboration and the preparedness of the organisation.

Challenges in Managing Cyber Incidents:

David Rudduck and Wes Ward elaborate on the hurdles faced while managing cyber incidents:

Lack of Comprehensive IT System Inventory:

A pivotal challenge arises when incident response teams seek a comprehensive inventory of an organisation's IT systems. This inventory includes servers, databases, and other critical components. Frequently, businesses struggle to provide this detailed overview, resulting in delays in the incident response process. In unfortunate cases, the asset list itself may have been encrypted by cyber attacks, rendering it inaccessible and hindering the response team's efforts.

Inadequate Logging and Data Records:

The significance of logging data, which records every activity within an IT environment, becomes apparent during incident response. However, it's not uncommon for businesses to lack properly configured or comprehensive logging practices. Default logging settings might not suffice, making it challenging for the response team to gain insights into the incident timeline and the actions of threat actors.

Compromised Investigation Scene:

One of the most unfortunate aspects encountered after a cyber attack is the potential tampering of evidence by the organisation's internal IT team. While conducting their investigations, the IT team might unintentionally alter or damage crucial data that could have been crucial in reconstructing the actions of threat actors. This unintentional interference complicates the incident response process and impedes the creation of a comprehensive picture.

The Unfavourable Outcome:

As a result of these challenges, businesses often find themselves in an undesirable position. The lack of forensically relevant data hampers the ability to definitively disprove unauthorised access or data exfiltration. The absence of concrete evidence may require notifying stakeholders due to potential uncertainty. Moreover, threat actors may exploit the situation by employing the tactic of double extortion, claiming to have exfiltrated sensitive data and threatening its public disclosure.

Conclusion:

The insights shared by cybersecurity experts underscore the complex nature of managing cyber incidents. Businesses must be prepared to address challenges related to IT system documentation, data logging, and maintaining the integrity of the investigation scene. Through proactive measures such as robust asset inventories, comprehensive logging practices, and adherence to incident response protocols, organisations can enhance their ability to mitigate the impact of cyber incidents. By doing so, businesses can reduce the risk of falling victim to the intricate web of cyber threats and better safeguard their digital assets.

Read More
Director Mentorship

Director Mentorship

The Impact of Director Mentorship on Board Cohesion and Development

As boards navigate the intricate landscape of governance and seek to enhance director capabilities, the significant role of mentorship emerges as a linchpin. In this article, we delve into insights shared by expert Rebecca Murphy, shedding light on the profound influence of mentorship programs in fostering effective board engagement, integration, and unity.

Read More
Cyber Governance Models a Boardroom Response

Cyber Governance Models a Boardroom Response

Enhancing Board Governance in the Face of Cyber Threats: Strategies for Effective Management

In today's rapidly evolving business environment, the responsibilities of boards of directors have expanded to encompass a broader understanding of risks. Among these risks, the ever-present spectre of cyberattacks looms large. This article delves into the insights shared by governance authority Fi Mercer, shedding light on the crucial role that boards play in addressing cyber threats and the strategic approaches they can adopt to navigate this complex landscape.

Cyber Governance Models Snippet

 

Recognising the Board's Strategic Role:

Fi Mercer underscores the pivotal role of boards in tackling the paramount risks faced by organisations. To address the intricacies of cyber threats, boards must adopt a proactive stance in comprehending the nuances of cybersecurity challenges. Mercer highlights the significance of embedding cyber as a permanent item on the board's agenda. This practice ensures continuous engagement, enabling boards to grapple with the dynamic and evolving nature of cyber risks.

Integrating Cybersecurity in Board Agendas:

A potent method to encourage board involvement in cybersecurity is by making it a focal point within the risk committee's deliberations. While cyber threats might be noted on the organisation's risk register, their weight becomes more palpable when they are dissected in the risk committee's discussions. Mercer advocates for establishing cyber as a consistent element on the board's agenda, thereby fostering ongoing discourse. Queries raised by the board prompt tangible action within the organisation and nurture a culture of heightened cybersecurity awareness.

Cultivating Inquisitiveness and Dialogue:

Directors needn't be cybersecurity experts, but they ought to manifest a robust curiosity about the organisation's cyber risk landscape. Mercer and David Rudduck concur on the significance of cultivating a spirit of inquiry to unravel cybersecurity concerns. Such curiosity propels the organisation to adopt proactive measures in managing and mitigating cyber risks.

Strengthening Collaborative Approaches and Committees:

Boards can further fortify their cybersecurity governance by capitalising on committees. These committees establish an avenue for direct communication between the board and the executive team, facilitating informed dialogues about cyber risks. Mercer underscores the role of committees in nurturing collaboration and guaranteeing the infusion of pertinent expertise.

The Emergence of Specialised Cyber Committees:

In response to the escalating cyber threat panorama, certain organisations have embraced a more progressive approach by establishing dedicated cyber committees. Comprising experts proficient in cybersecurity matters, these committees offer specialised insights and counsel. By instituting such focused committees, organisations signal their commitment to combatting this pressing concern.

In Conclusion: Championing Cyber Governance

In the digital age, cybersecurity transcends the confines of IT departments to emerge as a prominent business risk demanding board-level attention. Fi Mercer's insights accentuate the necessity of embedding cyber as an enduring fixture in the board's agenda. Boards needn't be cybersecurity mavens, but they must exhibit genuine curiosity and a propensity to pose queries that propel cybersecurity governance. Through collaboration, committee formation, and embracing robust cyber governance, boards can fortify their preparedness to navigate the multifaceted landscape of cyber threats. By fostering educated conversations and proactive initiatives, boards are primed to assume a pivotal role in safeguarding their organisations against the tide of cyber risks.

Read More