GovernWith Blog

Cyber Security Key Points

• Understanding cyber security definitions is crucial for not-for-profit organisations in the Australian sector.
• Real-world examples highlight the importance of implementing robust security measures and frameworks.
• View videos from Australia's leading cyber security experts

Safeguarding Digital Assets in the Not-for-Profit Sector

In today's increasingly digital landscape, the not-for-profit sector faces unique challenges when it comes to protecting valuable digital assets. 

Key Points

• Our client is a leading provider of Health and Community services in regional Victoria. 
• Victorian State Government appointed a new Chair and four new Directors, resulting in a reduction in organisational experience on the Board.
• New Director Induction process transformed Board culture to one of contribution

Background

Our client is a leading provider of Health and Community services in regional Victoria.

Changing Technological Landscape

With the ever-changing landscape of technology, it brings with it a lot of new language to the table, which makes it seem complicated and one of those technically detailed conversations.

It doesn’t have to be. 

The frequency we are hearing terms such as cyber and cyber-security reported in the news is growing – even as recently as last week with the NSW Education department being hit by a cyber-attack.

Cyber Crime Across Australia

The Australian Institute of Criminology hasreleased a report putting the total economic cost of cyber-crime across Australia at $3.5 billion in 2019, including $1.9 billion lost by individual victims. 

With the depth and breadth of technology needed to run and work within an organisation increasing and the ongoing maintenance of the technology that this entails, the risk the IT infrastructure poses to the organisation is also escalating. 

Board Directors Must Get Educated on the Risks

As a Board director, you’re empowered to question the risks of any aspect of an organisation and with that comes the need to educate yourself to understand those risks and your organisation's preparedness to respond to those risks. 

Director Liability

It’s also worth noting that the Australian Federal Government is working on new cyber-security standards that include corporate governance, first floated in the 2020 Cyber Security Strategy,which may hold directors personally responsible for cyber-attacks.  

Cyber is an Equivalent Level of Risk

Addressing cyber and IT infrastructure risk should be no different to addressing finance or stakeholder engagement risk for example. 

It’s important that Board directors identify these risks as organisational risks and not just an IT problem, as taking this approach will encourage your peers, stakeholders and employees to take the same approach. 

In our research into cyber-security,Techradar recently reported that up to 99 per cent of cyber-attacks require human interaction to execute.  This is why it is so important to bring all levels of the organisation along on the cyber and IT infrastructure conversation. 

How do you have the conversation? 

The CEO is a lynchpin in the conversation, bringing information to the board and acting as a leader for the organisation's attitude to this topic. A great place to start is to have a strategic plan for cyber and IT Infrastructure for the organisation in place and that plan should be a regular part of the Board’s agenda and papers. 

What questions should be raised at a Board meeting? 

The Australian Cyber Security Centre has published a prioritised list of mitigation strategies to assist organisations in protecting their systems, called theEssential Eight. 

A great question off the back of those strategies is “how do we stack up?” 

It doesn’t have to be that detailed though, as suggested in the bookThe Secure Board, 

Great Cyber Security Questions to Ask at Board Meetings

1. Do we know who has access to our critical information assets and how is this monitored and managed? 
2. What happens in the event a key supplier is compromised? 
3. In our security team, how many people are focussed on the security of technology, and how many are focussed on the behaviours of our people? 
4. Are we doing everything we can for our customers to protect their data that we hold? 

Start a Cyber Risk Conversation

The most important thing though, is that the cyber and IT infrastructure conversation at the Board room level starts straight away before an incident occurs. 

Acceptance of these risks as organisational risks needs to be guided from the top, to then filter down through the whole organisation. 

Cyber Security Expert

If you’d like to hear more in depth, expert advice from one of Australia’s leading cyber security experts, Michael Parrant from Aon, simple watch the youtube video below.

This article takes inspiration from Anna and Claire’s book,The Secure Board, which is a fantastic starting point for assuring your board is addressing and understanding the cyber risk in your organisation.

GovernWith’s CEO & Founder Fi Mercer was joined by Bernie Kelly, Mentor to Executive teams leading industry transformation and Chair Australian Transformation & Turnaround Association, for our final webinar of 2021.  

Two years into the decade described as “The Decade of Disruption” - it’s living up to its name, with more yet to come. Your next moves are critical when we take the decade view. Fi and Bernie shared useful frames of reference and decisions to shift your trajectory moving into 2022 and beyond. 

About Bernie Kelly 

Through a career working in industry transformation, Bernie has become a life-long learner, practitioner, and mentor. He understands what it takes to work through the personal and team dimensions and loves seeing the breakthroughs working alongside people as their Transformation Partner. Bernie has been involved in executive teams as a CEO, COO, Exec, and Mentor. From first-hand experience Bernie knows that the number one point of failure is leadership teams that are change-fatigued and cannot get traction in an environment of continual change. This is an existential risk for organisations in The Decade of Disruption. He is on a quest to see more transition and less suffering from disruption this decade. 

Find Bernie on LinkedIn or his website

44% of Directors are not confident their induction process effectively prepares new directors for their role on the Board. A further 54% of Directors are not confident that their Board adequately addresses succession planning. If the start and end of the Director lifecycle are like this – what is the middle like? 

GovernWith’s CEO & Founder Fi Mercer will be joined by special guest Megan Motto, CEO of Governance Institute of Australia to discuss each stage of the Director's lifecycle and their learnings. They will also provide tips on how to ensure Directors have the tools and resources they need to succeed at each stage. 

A life cycle is a series of events bringing something new into existence, whether that’s a life, a product, or a director. The life cycle follows its growth and progression into maturity, eventual critical mass and finally, its decline. 

The stages of the Director’s lifecycle are recruitment, induction, development, mentorship, and retirement. These stages encompass the progression a director goes through over their tenure with a Board and whilst there are some common factors, the length of each stage is unique for every Board and Director. 

Let’s break down each stage: 

 Recruitment 

The first step of any life cycle is important, because without the right foundation being built at the beginning, you’re setting yourself up for failure. Therefore, having the right people on your Board is key to being able to achieve your purpose. Choosing the right Directors is hard, it’s a balancing act between choosing between the people you have apply and the skills, experience, qualifications, and behaviours you need to fill from the Directors departing. Knowing how these potential Directors are going to complement the existing ones, (or perhaps not), is critical to ensuring that the right people are recruited. 

Induction 

44% of Directors (from our governance data insights) are not confident their induction process effectively prepares new Directors for their role on the Board. This is not a comforting statistic for any new Directors who might be looking to join a Board. Having spoken to Directors old and new about what their induction programs looked like, and what works and what doesn’t, we’ve found that having an individually, targeted approach is key. It’s not a good use of time and resources to be educating new Directors on something they are already experts in, nor is it wise to assume that a director already knows something, especially when it is sector related. Connecting a directors induction program to their skills and capabilities is proving to help fast track a director’s confidence, engagement, and satisfaction. 

Development 

We’ve spoken about it at length in previous blog posts, such as Board Skill Sets - New Requirements for a New World , in this new world we find ourselves in when it comes to the skills required on a Board. With this in mind, it’s more important than ever that we’re not only upskilling Directors in the areas that they need, but also in a way that ensures the Board is well rounded. A well-rounded Board has a combination of Sector Specific Skills, Professional skills, Contemporary skills and, of course, Behavioural Skills. Knowing where each Directors areas are for opportunities of development is key for a sensible development plan rather than a scattered, generic approach. Targeted Education relevant to the identified capability gaps is proving to be far more important than the old “one size fits all” Governance Education that used to be rolled out regardless. 

Mentorship 

Whilst this may not be a stage that every Director goes through or spends much time in, it is a vital step to ensure the continuation of their organisational knowledge. Where possible, it is essential that more tenured Directors take newer Directors under their wing. Even something as simple as offering to have a cup of tea pre and post a Board Meeting to go over any items that they may want clarification on, helps build their understanding and confidence and ultimately helps meetings run smoother. What can then also be gained, is that they both bring forward something to the other, the more tenured Directors offer Board experience and knowledge, and the newer Directors can remotivate and remind those older directors who might be feeling stagnant or stuck in their Board roles. It reignites the question – Why are you on the Board? – What is my “Why”? because they have someone asking. 

Retirement 

And finally, after the Director has served their term and is ready for their next step, it’s time to consider their retirement. However, how is a director supposed to be assured that all their hard work will be continued when 54% of Directors (from our Governance Data Insights) are not confident that their Board adequately addresses succession planning. The fundamental piece to understand here is what skills are about to leave the Board, so that you can look for someone with similar skills to replace those gaps. Or it can be used as an opportunity to broaden the skills on the Board and diversify those around the table. 

As we’ve outlined in the life cycle progression above, being a director is a varied position that has five unique stages, each of which have specific requirements. 

 Thankfully, there is also the help of Boardroom Plus to assist with each stage of this life cycle as well. The Individual Director Development program that is now available – it helps people who want to be Directors become more prepared and the Whole Board Governance program that includes features to help with induction, development, recruitment, mentorship, and retirement. 

Book into a demonstration below 

Boardroom Plus

GovernWith’s CEO & Founder Fi Mercer was joined by John McKenna, Empowerment Advocate, to discuss how to conduct Stakeholder and Consumer Engagement meaningfully and fearlessly. Fi and John provided pointers on how to involve the Board deeply and measure outcomes to ensure they have real meaning for positive change. 

If you'd like to reach out to John for a chat, you can book a time to talk through his booking page at Pick My Brain  

The Evolving Skillset for Directors

The skills needed to be a director is an ever-changing list and in an environment of legislation changes, added media scrutiny and increased requirements to the scope of work required of a director – not matter the industry, it’s getting trickier for Boards to keep them.

Rising Employee Well-being Concerns

Added to this is the stressor of increasing exhaustion and burnout levels throughout every staffing level of the organisation and the struggle to replace staff who leave. A recent Deloitte survey suggests that in their survey of 2,100 employees and C-level executives across the USA, UK, Canada and Australia “nearly 70% of the C-suite are seriously considering quitting for a job that better supports their well-being.”

The Great Resignation

Looking beyond the C-suit, with the great resignation now at our shores, the Bureau of Statistics confirms that there has been an increase in the proportion of workers switching jobs – from a low of 7.5% in 2021 to 9.5% as at February 2022. Compounding this issue is a talent shortage, which is making it harder, taking longer and more expensive to replace the staff that leave. 

The Impact on Boards and Communities

Anecdotally, we’re hearing about this a lot from Boards, CEO’s and Executives who are having long serving staff, executive and Board members leaving and taking their wealth of sector and organisation specific knowledge with them. And especially in the smaller communities where they’ve always had a hard time recruiting for Directors it has become that much harder with the added external pressures. 

A Call to Action

Fi Mercer, GovernWith’s CEO and Founder, has spoken a lot about this over the last 12-months in the Aged Care sector, from the 2021 and 2022 Govern with Care conference, 2021 LASA Aged Services Innovation: Owning the Future Now, however it’s an issue for all Directors and not just those in Aged Care. We believe that it is such as important element that Directors must be aware of an act upon before it’s too late. 

Reimagining Succession Planning

Whilst this situation could be framed negatively, we think that it’s the perfect time to shake up succession planning and director appointments to give both a fresh perspective. With only 46% of Boards in 2021 feeling that they address all levels of succession planning there is room for improvement for all Boards. 

Innovative Approaches to Director Appointments

Apart from a focus on the future skills required for successful Boards there are other aspects to consider for thinking outside the box in terms of achieving director appointments. As companies are getting more creative and flexible in order to attract and retain staff members, Boards should think about doing the same for Board positions where they can. For example, there is an increase in the number of virtual director positions available where Directors who aren’t living in the community but have the skills needed by the Board are able to virtually be a part of the meetings and only travel to in person meetings on occasion. Another example is Boards who are recruiting younger professionals who are interested in becoming part of the Board but need to be upskilled in a particular area. These young professionals are then put onto sub-committees to learn and be nurtured by the more experienced Directors to gain the skills they need. This helps ensure future succession for the Board and gives opportunity to those who might not normally get it. 

Investing in Director Development

Along the same lines, more Boards are offering development opportunities for their directors as well. By organising for their directors to participate in a skills matrix to identify relevant and targeted training opportunities to upskill themselves Boards better able to attract professionals who are still growing their careers rather than at the end of it. 

Building Collaborative Alliances in Governance

Another opportunity that boards should consider is growing their relationships with other boards in the community. These affiliations, especially in areas like health and aged care where there is a real focus on this notion of partnerships, can help to share the load of governance. 

A final question for you to think about heading into the second half of the year - Is your Board looking at the skills, qualifications, experience and behavioural attributes of everyone around the table to ensure that should something happen you’d know the real breadth of skills that were being lost? 

If you want to learn the skills, qualifications, experience and behavioural attributes of your board or for yourself as an individual, register to attend one of our demonstration sessions here 

GovernWith’s Fi Mercer was recently invited to speak at Leading Age Services Australia (LASA) and Governance Institutes of Australia's Govern with Care Virtual Conference about the skill sets that are required to be an effective Aged Care Director. 

GovernWith's CEO and Founder Fi Mercer shared the top risks from our Board Governance Evaluation and Director Development and Skills Matrix, as discovered by our Governance Data Insights Whitepaper with data from 2018 to 2021. 

GovernWith is about to publish our Governance Data Insights Whitepaper for 2021, covering the Top 5 Governance Risks identified in 2021 from our Governance Review and Development Programs. Each year, as part of our commitment to our governance community, we publish our findings to increase the awareness of issues in governance and help provide Board and Councils with guidance on how they can improve and assurance that they are not alone in their governance struggles, whether they undertake their evaluations with us or not. 

Our Governance Data Insights Whitepaper for 2021, covering the Top 5 Governance Risks identified from our Governance Review and Development Programs from 2018 to 2021 has been published. Each year, as part of our commitment to our governance community, for supporting a culture of continuous review and development for effective governance we publish and share these valuable insights.  

This year, our Governance Data Insights Report includes over 450 board contributions in more than 14 sectors, focusing on Corporate Governance & Director skill areas. 

The Top 5 Governance Risks for 2021 are: 

1. Stakeholder Engagement 
2. Strategic Direction 
3. Continuous Review and Development 
4. Risk Management and Compliance 
5. Sector Specific Skills 

With 4 years of data from our growing community the data insights are even more compelling for supporting continuous review and development as key to building effective governance. 

In crafting the Whitepaper Report this year, we decided to look at our data in a new way. Usually, we group the organisations together according to the year that they have undertaken the evaluation (Annual Benchmark). This year we’ve added a twist and grouped organisations together based on the number of the evaluation they’re up to (Number of Evaluation Contributions). 

We found looking at the annual benchmark the results remained relatively static year after year. However, when we sliced the data by number of evaluations contributions, we see collective improvement that isn’t seen in the annual benchmark. It is evident that the pathway to governance improvement is continued annual evaluation, both for whole Boards and Individual Directors. 

GovernWith's CEO and Founder Fi Mercer was joined by Climatologist and Speaker Neil Plummer, to delve into how we can untangle the issues surrounding Climate Change and bring tangible risks and opportunities to the boardroom table. A huge contemporary risk for Boards and Directors to tackle, Fi and Neil unpacked Climate Change, how it relates to the Board and top tips to get started. 

Where to Start? Bringing Climate Change to the Board 

GovernWith's CEO and Founder Fi Mercer was joined by Climatologist and Speaker Neil Plummer, to delve into how we can untangle the issues surrounding Climate Change and bring tangible risks and opportunities to the boardroom table. A huge contemporary risk for Boards and Directors to tackle, Fi and Neil unpacked Climate Change, how it relates to the Board and top tips to get started. 

 Out of the Box Executive is partnering with Sustainably in developing Climate Savvy Pathways (CSP). This service identifies opportunities for transitioning your business model to one shaped by an economy adjusting to climate reality.  

Importantly, CSP can also assist your business to manage the growing risks with the climate and energy transition. 

These opportunities may include: 

• access to new markets 
• improved resilience 
• reducing excessive insurance premiums 
• reducing your energy and material costs 
• better staff recruitment and retention, and 
• improved reputation. 

Climate savvy pathways enables your business to apply current information to improve your: 

• Governance 
• Strategy, and 
• Policies and plans. 

For further information on Climate Savvy Pathways and how it may assist, please contact: 

Neil Plummer 

Director, Out of the Box Executive 

hello@outoftheboxexecutive.com.au

+61 400 979071