4 min



Lock down cyber security planning

10 Sep 2018 Christopher Hall

Cyber Security




Making your digital assets safe means investing in cyber security. Peter Graham, from DXC Technology, is a specialist in the area and was a panel speaker at CCI’s 2018 Cyber Focus Forums. He helps clients predict attacks and respond to threats to their data, applications, infrastructure, and endpoints. Understanding cybercrime may not make your organisation safer, but reviewing your security standards with the help of an expert can make a big difference.

“Cyber incident readiness is finally an issue at the highest level of management, and needs to be driven by The Board and CEO who can no longer afford to ignore the urgent need for adopting a response plan,” he explains. 

Graham sees building resilience as integral to an organisation’s broader operational security. 

“Computer networks and systems all around the world are now vulnerable all the time, because the bad guys are getting better at what they do, and they use more sophisticated ways of causing damage that spreads quickly.”

The Center for Strategic and International Studies (CSIS) with McAfee tracked the cost of cybercrime in their research studies. The Australian Government’s online reporting system had recorded more than 114,000 instances of cybercrime over the last three years, with almost 24,000 in 2017.

A report by the World Economic Forum (WEF) on advancing cyber resilience advises organisations to have durable networks and systems and manage their digitisation well. It must come as some relief to organisational leaders that they can now source tools and principles for building a more secure environment. Some are available through the WEF report but many organisations are engaging directly with industry experts, like Peter Graham, who represent specialist security firms.

Note the importance of a cyber incident response plan.

“Once you have the tools and your principles worked out, you can create a cyber incident response plan and make sure everyone knows their role in carrying it out,” says Graham. 

The resources are designed to support strategic decision-makers, at both Board and CEO level, to ensure accountability for cyber security throughout the organisation.

“The Board needs to think about delegating the right people for accountability roles, because they will be regularly reviewing cyber resilience and ensuring there is also independent assessment of cyber security measures outside of the organisation.”

Recognising actions taken before an incident can be key to mitigating a threat, and Boards should understand risks and make cyber risk reporting a standing agenda item at Board meetings.

Note the importance of a cyber risk framework.

A framework will clarify threats, vulnerabilities, the values at risk (reputational and assets), and responses for your organisation.

Many common cyber threats are so obvious they are becoming invisible because of the exponential growth of physical and cyber-related systems, and the Internet of Things labyrinth.


According to a report by The World Economic Forum, 88% of market leaders surveyed about cyber resilience believed businesses were not ready for the risks and challenges presented by the Internet of Things.

As Graham says, “talks around cyber security need to shift to a whole-of-business discussion and move on from circular conversations within an IT department. Everyone within an organisation must be aware of their role in protecting digital assets, as well as physical ones. This conversation needs to come from the top and action needs to be directed from the top down.” 

For more information, view Peter Graham's video on Changing the way we think about data.

"Cybercrime is the greatest threat to every company in the world."

Ginni Rometty, IBM's chairman, President & CEO

Defining an organisation’s risk appetite, assessing its risk profile, and risk benchmarking will involve analysing demographics and costs versus responses and threats. Boards can potentially reduce damage costs caused by cybercrime by making ongoing improvements to their cyber security.

Graham sees rapid growth in the demand for expertise in cyber security. The Forum’s report predicts more partnerships, public-private cooperation, and increasing leadership roles specific to cyber security control within organisations in the future.

“You can be sure the necessary investment to improve cyber resilience is going to become an important cost of doing business for all companies,” says Graham.


The World Economic Forum’s Advancing Cyber Resilience project engaged Board members at leading companies, across industries globally. Almost 85% of participants agreed better cyber resilience tools and education are sorely needed to provide proper oversight of an organisation’s cyber security.

Who can keep track?

The impact of the Fourth Industrial Revolution is a proliferation of emerging technologies. Physical devices with internet-enabled connectivity become cyber-physical systems and a conduit for business disruption. The Internet of Things equals hyper-connected devices.

About Peter Graham

Peter is an Information Security consultant with over 25 years of experience working across IT Governance, IT Risk Management and Audit/Compliance, Data Protection frameworks, PCI DSS Compliance, IT Security, Business Continuity and Disaster Recovery. He has applied his skills in multiple industry sectors and completed several international assignments and secondments, including a global B2B project implementing IT Security, recovery strategies and infrastructure requirements. He leads IT Governance, IT Security, Assessment and Compliance, Risk Management and Business Continuity projects across a range of industries.


World Economic Forum: Future of Digital Economy and Society System Initiative, Advancing Cyber Resilience: Principles and Tools for Boards, In collaboration with The Boston Consulting Group and Hewlett Packard Enterprise, January 2017

James Lewis, Economic Impact of Cybercrime—No Slowing Down Report, https://ia.acs.org.au/article/2018/cost-of-cybercrime-soars.html


Christopher Hall

An integral member of CCI’s Risk Support team, Chris is a Risk Consultant with nearly 15 years of service at CCI. He supports Catholic Schools and education offices across the country, helping to reduce risk profiles and incidents of injury or property. He provides technical risk and compliance advice, and applies his skills across different areas of the business in ways that support, meet challenges, and offer tactical and strategic solutions for the Parish, Education and Social Welfare/Community Care sectors of the Church.
