CYBER INCIDENT RESPONSE AND RECOVERY FOR AUSTRALIAN DIRECTORS
KEY QUESTIONS
- Are roles and responsibilities comprehensively documented, including the role of the Chair and specific directors in the event of a significant incident?
- Are the processes for key decision-making and external support detailed in the response plan?
- Do we have a comprehensive approach and plan for communicating with internal and external stakeholders, including responsibilities for notifying and engaging with regulators and approving market disclosures?
- Do we understand how insurance would operate in the event of an incident and the support the insurer can/cannot provide?
- Do we regularly scenario test or conduct a simulation on our response plan? How often do we review the response plan and update it to ensure it reflects organisational changes and the current threat environment?