Cybersecurity – the bigger picture

It is interesting to reflect that there have been three major revolutions in my time that have made it possible to be an international business woman with a specialisation in cyber security: 1) women in the workforce, 2) the commercialisation of the internet, and 3) commercial air travel at scale.  Prior to my lifetime and perhaps even earlier on in my life, what I do today would not have been possible or even on the radar of being possible.

At the top of every board governance agenda is, alongside diversity, cyber security. In an age where we need to assume breach, and those breaches as we have recently seen can even impact the final revolutionary factor of air travel, key areas of importance extend beyond traditional, isolated, security controls to collaboration and communication.

So what can people and organisations do about the issue of cyber security, when technology is everywhere and we are not always in control of our information on the public and uncontrolled mechanism of the internet, where everything is a postcard unless something is otherwise done to put it in a tamper-detecting envelope?

Cyber security that preserves social capital needs to engage the critical mass of the masses in becoming much less insecure to achieve ‘Herd Immunity’. There are three key inflection points for engagement by the fabric of our society toward ‘herd immunity’ in our online world: 1) Boards and organisational leaders, 2) Education, and 3) International trade and diplomacy.

Why? Boards set the strategy and accountability frameworks for organisations.  In doing so, they also influence smaller organisations and individuals, whether via investment, employment or supply chains. Successful companies, and organisations in the aggregate, also influence diplomacy and the conditions for the playing fields of international trade. They also have employees and these employees have families. For people to engage they have to understand and be able to report, which requires education. Only then can Boards receive the reporting they need under their organisational accountability frameworks.

Leaders, then, in protecting our organisations’ social capital and maximising stakeholder and shareholder value, require 1) strategic understanding, 2) knowledge empowerment, and 3) effective accountability frameworks for cyber security to facilitate any appropriate let alone good corporate governance in an increasingly online world. More than a series of isolated technical controls, cyber security starts with leadership and remains an ongoing and collaborative leadership concern. Only then can effective structures be in place to embed and distribute protections of organisational value throughout the cross-functional whole of an organisation and its intrasectoral, intersectoral, international and multidisciplinary interconnected ecosystem.

Gotcha! ( is the first step toward demystifying cyber security and how protections do and don’t work, references and helpful checklists. A related project named ‘Elephant in the boardroom’ helps develop accountability frameworks for boards and organisational leaders to more safely maximise our interconnected environment and play their important role in influencing the ‘herd’.

Dr Sally Ernst I UK and Australian Cyber Security Networks I I I @DrSallyErnst

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s