The 5 Personas Of Cyber Risk Management

The advice is out there

Director advisory organisations from around the world have been singing from the same hymn sheet for several years – cyber risk is a key element to enterprise risk:

“Guidelines from the National Association for Corporate Directors (NACD) advise that Boards should view cyber risks from an enterprise-wide standpoint and understand the potential legal impacts. They should discuss cybersecurity risks and preparedness with management, and consider cyberthreats in the context of the organisation’s overall tolerance for risk.”

The New Zealand Institute of Directors have written a Cyber-Risk Practice Guide subtitled “Put cybersecurity on the agenda before it becomes the agenda”

The Institute of Directors in the UK agree “New reports of data breaches and instances of cyber crime appear each year, contributing to an annual loss of around five billion pounds for the UK economy. It is therefore more important than ever to address Cyber issues at board level in order to safeguard our businesses and employees.”

The Australian institute of Company Directors are on board too “Cybersecurity is a critical issue for boards and senior management. A cyber breach can impact your bottom line, brand and reputation. What can organisations do to address cyber risk and embrace opportunity through change?”

Governments too are the same recommendations for businesses of all sizes

The Australian Small Business and Family Enterprise Ombidsman provide the following advice:

“Develop a business-wide policy so everyone knows that cyber security is a priority, and so the business owners can be seen to be actively engaging with cyber security. If cyber security is thought of as a strictly IT issue, it doesn’t send the message that it’s a top priority, and won’t make your business or staff cyber secure. Because cyber attackers target people just as they target hardware, cyber security is for everyone at every level in the business. Establishing and communicating their responsibilities is vital to build a cyber aware business.”

The UK’s National Cyber Security Centre declares “Companies benefit from managing risks across their organisations - drawing effectively on senior management support, risk management policies and processes, a risk-aware culture and the assessment of risks against objectives. There are many benefits to adopting a risk management approach to cyber security”

Is this Advice being heeded?

To some extent, yes. However it is clear from the data and the headlines that the development of cyber responsible cultures, driven by the board has a long way to go.

Recent Breaches

New Zealand

Australian Breaches

US Breaches

So why are organisations not following the unanimous advice and taking heed of the data?

The experience that we have at Cybercraft has lead us in an interesting direction. From working with organisations of all sizes and natures, we have found that it is the attitude of key individuals toward cyber risk as being of key importance. From this, we have identified 5 cyber risk personas:

Let's Talk



Level 29, Chifley Tower, 2 Chifley Sq. Sydney NSW 2000

+61 2 9375 2112


New Zealand 

41 Shortland Street, Plaza Level

Auckland CBD, Auckland 1010

+64 9 307 9394 

Sign Up for News & Updates:

Follow Us: