Kirankewalramani

Most Boards Have an Incident Response Plan They’ve Never Actually Tested


The NSW Treasury insider breach didn’t start with a hacker — it started with a staff member, valid credentials, and access controls a board had already approved. Over 5,600 sensitive documents moved across multiple departments before monitoring flagged anything. Most incident response plans are built for external attackers, leaving no framework for the harder question: when does a trusted employee doing normal work at abnormal scale become a security incident? Until boards treat insider preparedness as a design problem rather than a policy they sign off once, they’ll keep being surprised by threats already inside the building.

Unlocking Cyber Talent: How to Engage and Recruit Leading CISOs

Boards tell me they cannot find qualified CISOs. After 25 years of advising executive teams, I can tell you that is rarely the actual problem. The talent exists. What is missing is the governance structure that credible security leaders are willing to walk into. If your cyber governance disappears when one person resigns, it never truly existed in the first place.
