AICD’s Governing Through a Cyber Crisis

A framework for cyber incident preparedness, response and recovery for Australian directors

Published: February 2024

Summary: This resource covers the board’s role, key requirements, questions to be answered, and red flags they should be clear on across four cyber attack phases:

  • Readiness
  • Response
  • Recovery
  • Remediate

Also included:

  • Discussion around ransom payment decision making.
  • Key cyber security regulatory obligations.
  • Summary of response plans that should be in place prior to an incident.
  • Comprehensive listing of other resources.

The guidance was developed by the AICD in partnership with the Cyber Security Cooperative Research Centre (CSCRC) and Ashurst.

The resource expands on existing guidance in the AICD CSCRC Cyber Security Governance Principles.

Available from: