The Role of the Board During a Cyber Crisis, is your Board Prepared?

By Gavin Hall | November 12, 2024


Australian organisations continue to fall victim to sophisticated and damaging cyber security incidents, resulting in a significant loss of income, disruption to business operations, data breaches and brand damage.

To ensure that boards are confident that their organisation has a comprehensive, extensively tested plan in place for when (not if!) a cyber crisis occurs, the Australian Institute of Company Directors (AICD) has released new guidance.

Developed in partnership with the Cyber Security Cooperative Research Centre (CSCRC) and Ashurst, "Governing Through a Cyber Crisis" provides a world-first blueprint to assist Australian directors in navigating critical cyber incidents.


The Role of the Board During a Cyber Crisis

According to AICD "Boards have a key governance role to play in being aware of the cyber threat landscape, prioritising cyber resilience at their organisations and developing capabilities for the oversight of cyber risk and effective responses to cyber crises."

A board’s main role, before a crisis occurs, is to ensure the organisation is effectively prepared to respond to a range of cyber events. The role of the board during a cyber crisis is crucial in ensuring effective response and recovery.

Cyber security may previously have been considered "the IT department's responsibility", but board members are now held accountable for setting the overall cyber security strategy and ensuring its alignment with the organisation's goals and objectives. The board acts as a decision-making support to the executive leadership team and/or crisis management teams, and may also be required to communicate with and update customers and stakeholders about the event.

During a cyber crisis, clearly defined roles and responsibilities for the board and any board committees are key to an effective cyber incident response plan.


The four 'R's'

The four 'R's' - Readiness, Response, Recovery, and Remediation - are critical components of an effective cyber incident response and recovery strategy.


Readiness

Mounting an effective response to a significant cyber incident is complex. There can be many unknowns and many moving pieces, and the situation will likely evolve at a rapid pace. This means that the board must be confident the organisation is adequately prepared for a range of possible scenarios and different threat actors. That confidence can only be gained through having a well-tested cyber incident response plan (response plan) in place.

While the scale and complexity of cyber readiness planning will be unique to the size and complexity of each organisation, boards should look to assess the appropriateness of the following eight key elements when developing, reviewing and updating a cyber response plan:

  1. Business continuity and disaster recovery
  2. Stakeholder management and communications
  3. Customer complaints and support
  4. Data privacy and breach response
  5. Third-party service providers and experts
  6. Regulator response and investigation
  7. Playbooks and decision guidance
  8. Training and simulations


Response

Response refers to the immediate actions taken when a cyber incident occurs. This includes activating the incident response team, containing the incident, and minimising further damage. The response phase requires clear communication channels, effective coordination among stakeholders, and swift decision-making.

The board has an important role to play in overseeing the decisions of management during the immediate response phase of a significant cyber incident. Directors should expect a critical cyber incident to rapidly evolve with decision-making based on imperfect information.

The board’s role includes ensuring the safety of employees and customers has been prioritised, management has the necessary support to respond to the incident and that key elements of the response plan have been initiated. 


Recovery

Recovery focuses on restoring normal business operations after a cyber incident. This includes restoring affected systems and data, conducting forensic investigations to identify the root cause of the incident, and implementing necessary security enhancements to prevent future incidents.

The wellbeing of staff should be a key consideration in the recovery period, with a supportive, team-focused culture central to effective recovery and rebuild. 


Remediation

Remediation involves addressing the vulnerabilities and weaknesses that led to the cyber incident. It includes patching security flaws, updating security policies and procedures, and enhancing employee training programs. Remediation aims to strengthen the organisation's overall cybersecurity posture and prevent similar incidents in the future.

The board has a key role in the long-term remediation phase of a cyber crisis where the organisation is seeking to rebuild trust and reputation and making investments to significantly strengthen its cyber defences. The board should expect a clear plan for each of these key activities, with regular reporting and updates. 


How Can Diamond IT Support Your Cyber Defences?

Our team of Business Technology Consultants are experts in assisting you locate potential threats or vulnerabilities in your organisation and suggesting ways in which you can mitigate or eliminate them to ensure your business is as secure as possible.

Combined with our Managed IT Services offering, which proactively supports customers in reducing risk and aligning with best practices, you can rest assured we have you covered.  

We offer a range of services that can help assess, support and test your cyber security posture including:

Contact our team today on 1300 307 907 or fill out the contact form below, and let us ensure your cyber security posture is as resilient as possible.

About Gavin Hall

Gavin is a results-driven professional with experience in delivering enterprise-wide business and IT change. He holds PMP, ISO27001 Lead Implementer and Prince2 certifications as well as a Masters of Business Administration and has a broad range of management experience in financial services, leisure and retail industries. The right blend of professionalism, skills and management experience allows for a pragmatic 'right size' approach to succeed in delivering projects and programmes of work.