New Thinking
A roadmap for mid-market business owners
Adapting customer loyalty
Australia and the corporate governance experience
Australian and UK rail franchising experiences
Australian Regional Capacity Index
Australia's defence industry and the rise of Asia
Better business reporting – the journey continues
Big Data and why it matters
CHAFTA: Look to China for growth
Chinese Investment in Australia Demystified
Cloud – enabling business strategy
Corporate growth
Critical actions for a positive future
Cyber and digital security
Cyber security – Detect cyber threat
Cyber security – Protect your business
Cyber security – Respond to cyber threats
Cyber security – Secure organisational growth
Digital: A framework for the age of disruption
Digital: Reinventing the customer experience
Digital identity key for unlocking new business
Disrupting the board
Empowering Australians' impacted by their service
Financial reports de-cluttering in ASX200 companies
Financial System Inquiry – Innovation: Digital identity
Financial System Inquiry – Regulatory system
Financial System Inquiry – Superannuation and retirement incomes
Fixing Australia's naval shipbuilding industry
Future of investment management
Global shifts in defence and security
Harnessing the power of disruption
Here comes the M&A boom
Human services: rethinking regulation
Improving cities through urban renewal
Indirect Tax and International Tax – double the trouble?
Infrastructure trends
Leaving leadership development to chance is not worth the risk
Pricing: Defining the right strategy
Promising prospects in Australian corporate finance
Resource sector outlook
Risk transformation: Embracing conscious risk taking
Risk transformation: Engaging the first line of defence
Risk transformation: What makes a great CRO?
Road testing a public service reform agenda
Social media risks
Tax Reform: a call for fundamental change
Tax Reform: a new simplicity for fringe benefits
Tax Reform: a single tax collector
Tax Reform: stopping the fiscal drag
Tax Reform: property services tax
Tax reform – shaping the future
Tax transparency and morality
Technology and growth: working with the 'connected customer'
Technology's impact on investment industry
The constantly changing role of the CIO
The power of population
The private side of public investment
The Road to Paris
Transforming for consumer growth
Urban and regional growth: a smarter way
Utilities: technology is the future
Value of Audit
What is the future for government?
What a Japanese submarine option could mean for Australia
Cyber and digital security


Cyber and digital security

Cyber threats are growing in ferocity and volume, posing one of the greatest challenges to businesses navigating the complexities of the 21st century.

Risk indices show that over the past 5 years, managing cyber threats has moved from a number 20 priority to a top three risk. This means one of the most vital issues today is to ensure boards understand and endorse the right measures to combat cyber threats.

The good news is that C-level executives and the board are far more informed about cyber security than ever before. Boards are demanding more from management in terms of information about threats and seeking a real understanding of to how to deal with them. The days are long gone when IT professionals struggled to be heard at the board level.

Nonetheless, all large, complex organisations face continuously changing business dynamics, a drive towards greater innovation and the pressure to do more with less. Using the right form of communication therefore remains critical if IT and information security leaders are to engage with the board and management in a meaningful way. It is all about having the increasingly sophisticated conversations necessary to be able to move forward.

Mark Tims
"Risk indices show that over the past 5 years, managing cyber threats has moved from a number 20 priority to a top three priority."

Mark Tims
Partner, Technology Risk
Then again, with so much fear, uncertainty and doubt (the FUD factor) around, keeping the board engaged in positive discussion is also important, particularly when the talk turns technical.

A good way to communicate is to summarise the issues and solutions in a way that is real and personal to the board members. It is about learning to use less technical language and to make the discussion more relevant to the language of the board.

At the same time, IT and information security leaders need to keep the commercial imperative front and centre. It is essential they agree with the board about the business risk appetite and how information security will be managed.

While engaging the board is critical, it is equally important to ensure the cyber story is heard and understood throughout the organisation. Full organisational awareness is a key requirement to fighting cyber threats. There is no single method for this however. Rather it is a matter of understanding how to tailor the message to a particular audience. Ensuring content is appropriate and choosing the right timing are chief considerations.

Some organisations have dedicated awareness teams that work with external and internal communications and media teams to educate internal stakeholders and consumers. These can include multiple customer awareness and internal engagement programs using many different channels.

Making sure IT delivers without putting the organisation’s reputation at risk is also a major priority for complex organisations and requires a dynamic approach. A business has to ensure it has the appropriate layers of security every time it interacts with a customer. At the same time it must also remain relevant.

Knowing your customers and maintaining their trust is also a key consideration for information security. Knowing why customers trust your brand and investing in the maintenance of that trust is a large part of this.

Share this

Share this

Getting on board with cyber and digital security

KPMG hosted a panel at the 2014 CeBIT Conference to discuss how companies can help the board understand cyber and risk security.

Cyber security – the five most common mistakes

Cyber security – the five most common mistakes
This white paper provides insights for management to get the basics right on cyber security.

Cyber security

Mark Tims
Mark Tims and Matt O'Keefe discuss how financial services organisations have different risk postures and responses to cyber security.


We help our clients make choices that achieve growth and better understand and manage the challenges and opportunities inherent in technology.