4 things every Board of Director should know about cyber risk in 2025
When it comes to cybersecurity risk management, your Board of Directors probably isn’t the first group that comes to mind.
After all, they’re not the ones operating day-to-day. But here's the truth: Boards are responsible for managing cybersecurity risk. A lack of understanding around Directors' roles and responsibilities can put both your business and Directors at significant risk.
Here are four things every Board of Directors should know in 2025:
1: Boards Are Responsible for Cyber Risk Management
In Australia, cyber risk management falls under the Board of Directors' responsibility. ASIC can take legal action against Directors for failing to meet these duties, and it has made clear that it is actively looking for the right case to hold Directors accountable for neglecting cybersecurity risks.
2: Cybersecurity Legislation Is Evolving
Three key pieces of legislation govern cybersecurity in Australia and outline Directors' roles and responsibilities:
Corporations Act 2001: Directors must exercise a degree of care and diligence, and act in good faith in the best interests of the organisation.
Privacy Act & Privacy and Other Legislation Amendment Bill 2024: Organisations must take active steps to secure personal data and ensure staff are adequately trained to handle personal data responsibly.
Cyber Security Act 2024: Australian businesses with an annual turnover of over $3M are legally required to report ransomware payments, and reports must be made within 72 hours of making the payment.
3: Directors Must Abide by Their Roles and Responsibilities
What does it look like for Directors to manage cyber risk effectively?
Clearly Defined Roles: Establish clear cybersecurity roles and responsibilities across the business.
Regular Cybersecurity Reporting: Ensure cybersecurity is a standing agenda item at Board meetings.
Cybersecurity Strategy: Develop a strategy based on a thorough risk assessment to identify vulnerabilities.
Promote a Cyber-Resilient Culture: Foster a culture of cyber awareness that is driven from the top.
Incident Preparedness: Have an up-to-date incident response plan that is reviewed annually.
4: Directors Are an Increased Target
Board members have access to sensitive company data, influence over major decisions, and often hold public profiles that make them easy to research and impersonate. Unfortunately, many Directors are also disconnected from daily cybersecurity practices.
Cybercriminals are aware of this and are increasingly targeting Boards as an entry point into organisations. GetApp's 2024 Executive Cybersecurity Report found that 70% of Australian senior executives were targeted by cyber attacks in the last 18 months. Generic security training isn't just ineffective - it's irresponsible.
How to Build Cyber-Resilient Boards
Building a cyber-resilient Board starts with the right tools, training, and support. Here's how to protect your Board:
Tailored Education: Focus on governance, risk oversight, and practical threats aligned to business outcomes.
Incident Response Simulation: Run simulations and provide feedback that improves your existing incident response plan.
Private Risk Assessments: Examine Directors' personal digital footprints and provide customised recommendations to uplift security.
Ongoing Awareness: Keep Directors updated with regular reporting on cybersecurity strategies and emerging threats.
This is why we created our Boardroom Brilliance package — a training and advisory service designed specifically for Boards of Directors. It’s about empowering your Board to confidently manage cyber risks and set the tone for a security-first culture across the business.
Cybersecurity Leadership Starts in the Boardroom
In 2025, effective cybersecurity leadership begins at the top. If your Board isn’t prepared, your business isn’t prepared. Our Boardroom Brilliance program gives your Board the skills, awareness, and confidence to lead your organisation safely into the future. It’s tailored, practical and high-impact.
Because when your leaders are protected, your entire business is stronger.
📞 Ready to Get Started?
The best time to build a strong cybersecurity culture was yesterday. The second-best time? Today.
Book a free consultation with our team now and learn how we can help your executives stay safe against cyber threats.
Based in Sydney and trusted by businesses nationwide.