The art of being cyber smart. Obstacles or opportunities: the choice is yours With disruption becoming a daily headline, business leaders are facing a diversity of risks and challenges. From a rapidly evolving technological landscape to an increasingly digital economy, organisations need to be ready and poised to turn obstacles into opportunities. For Australian businesses and leaders to compete on the world stage against this backdrop of change and uncertainty, they need to accelerate their adoption of all forms of disruptive technology. By having the confidence to invest, research, understand and harness the powers of digital – capabilities and investment can be unlocked. How can businesses unlock investment? To be competitive, your first step is cyber. By having robust governance and management of all elements related to cyber, it can free and unlock other resources or skill-sets to capitalise on opportunities. By strengthening cyber defences, becoming more vigilant and building an increased level of resilience, organisations can start to cultivate a culture where seeing the potential and upside to certain situations becomes part of the firm’s DNA. When it comes to being cyber smart, there is often a persistent perception around there being a skills shortage in the industry and no doubt within the organisation as well. Who can take on these responsibilities? We don’t have dedicated individuals who can focus on this topic. All our resources are being used at the moment to drive other key initiatives. In essence, if one looks at the infrastructure of their organisation, there are often key roles that have inherent capabilities that can be transferred to that of cyber and governance. Cyber skills are no different and too often we are searching for unicorns instead of swiss army knives to contribute to solving the overall problem. Part of the process around unlocking investment, is realising and acknowledging the role of existing capabilities to solve issues and provide practical and on-going solutions. Cyber under the spotlight As organisations grapple with tackling cyber, it’s critical that the conversation around cyber steers towards it being viewed as a business risk rather than only a technology one. The digital tentacles of cyber can reach far and wide across a business and the sooner that it takes a seat at the table as one of the key business issues facing a company, the better. By embedding cyber into the firm-wide conversations, leaders can empower departments to mitigate and manage this risk using some of the existing capabilities already being despatched. As a practical example, managing the risk of a business disruption to operations or protection intellectual property is something good business leaders have always done – and done reasonably well. While the trigger or cause of a risk event might be different in the digital world, managing the risk effectively doesn’t have to be a daunting exercise with completely different capabilities required. The time to act is now It has been well documented in the media and by business leaders that cyber threats are a regular possibility and the challenges they pose might only be increasing. From data breaches to compliance related issues and more, the cyber scenario in our recent Building the Lucky Country series (BTLC#6) showcases what’s possible – and brings to life the reason why business leaders need to put their best planning foot forward by being prepared. BTLC#6 looks at a possible future for Australia where we have successfully managed cyber risk, and cyber has become a catalyst and a source of growth, rather than an inhibitor of progress. Leaders have realised that cyber is not something that can just be left to IT departments. Because all large organisations are already digital, it’s a problem for all businesses and all leaders. Once of the challenges we also have as an industry is balancing the ability for organisations to move forward at a fast pace with governance and mitigation versus facing a situation of paralysis analysis by being overwhelmed with too many options or a complexity around what to do next. As the growth in digital technologies continues to expand exponentially, time is of the essence. Contributing to a greater prosperity It’s also critical that we lift the gaze from beyond an individual “what can a business or organisation do around being cyber smart” to a focus on a collective responsibility to work together in a proactive manner for the greater prosperity of the nation. We all have a role to play and by joining forces to tackle cyber and continue investments in these capabilities across the industry, we can all look forward to a future of stability, growth and productivity. Business leaders will need to play the role of champions in changing mindsets and pushing forward a common goal towards a prosperous future. It will require a commitment to changing our approach to cyber risk, and to shaping an Australian cyber sector that is a leader in the field, rather than lagging behind. It will also require forging strong partnerships with government, the education sector and within the Asia Pacific region. Five fundamentals that every business leader should know Beyond the doom and gloom of cyber risk, there are a diversity of opportunities ready to be leveraged. As organisations re-look at their strategies and plans around unlocking investment by being cyber smart, there are five key areas to address: #1 Harness existing talent and invest in more – it’s critical that leaders look at their existing employee base with open eyes and the diversity of skills that are being used across departments. From risk to compliance, IT and more, there are often many governance and process driven frameworks that can be used, as is, to monitor, mitigate and manage cyber threats. It doesn’t have to be a case of reinventing the wheel but rather existing skill-sets can be refined, enhanced and improved through professional development training and investments in upgrading skills and overall capabilities. Look at your current dedicated resources in the first instance. #2 There is more of a risk in doing nothing – this is not the time to bury your head in the digital sand. The technological terrain is rapidly changing and those leaders who do not act now by getting on top of their cyber strategy in a smart manner will run the risk of lagging behind – from an economic, reputational and talent perspective. From automation to robotics, artificial intelligence to cognitive technologies and more, cyber needs to be an element that is adequately addressed in order for organisations to be competitive on the world stage. #3 Collaborate with your team and industry – we can all learn best practice from seeing high performing teams in action and seeing what industry leaders are doing. By getting involved in these industry debates and discussion, solutions can be revealed, as we all work collectively to paint a powerful picture of the digital future. #4 Educate and engage early – it’s important that cyber risk becomes part of conversations across an organisation and this can often only happen if scenarios, ideas and issues are discussed in easily digestible terms. Ensure that you meet with your colleagues regularly to unearth what a particular situation or scenario means for the team. It’s also fundamental that cyber practitioners are engaged early on across not just projects but also when business strategies are being created, to ensure that decisions can be made more effectively and efficiently. #5 Add cyber to your corporate and social responsibility – when it comes to working collaboratively for the greater good of Australia, cyber is becoming synonymous with strengthening governance, risk and reputation frameworks. By being cyber smart and adding this as a key accountability and responsibility, leaders across the industry can then unlock investment in their organisations to drive a continued prosperity and growth. Turning cyber risk from a negative into a positive can unlock significant investment. Business leaders need to play a central role in leading the business and organisational changes that are needed to allow this to happen. How cyber smart are you?