The World Economic Forum's annual cyber reports consistently provide valuable insights, and the 2024 edition's focus on the growing state of cyber inequity is particularly worth noting.

Last century, we often talked about IT security only being as strong as the weakest link in a chain. It was never a great analogy, but the fundamental point remains true: interconnected systems mean that the security posture of one organisation affects the risk profile of every organisation it connects with.

The cyber inequity dimension sharpens this. The gap between organisations that can afford sophisticated cyber defences and those that cannot is widening. Large enterprises invest millions in security operations centres, threat intelligence and incident response capabilities. SMEs, not-for-profits and smaller government agencies frequently operate with minimal cyber capability, often relying on a single IT provider or, in some cases, no dedicated security resource at all.

This matters for directors beyond their own organisation's perimeter. Supply chain risk, third-party access, and shared infrastructure mean that your organisation's cyber resilience is partly determined by the weakest participant in your ecosystem. The FIIG Securities case demonstrated this in a regulatory context: ASIC's expectations around cyber security extend to how licensees manage risk across their networks, not just within their own walls.

Directors need to consider cyber as one part of their overall technology governance. It is rarely an optimal use of resources to protect worthless data and systems with the same vigour as your most critical assets. A risk-based approach, informed by an honest assessment of what data you hold, what systems matter most, and where your supply chain dependencies sit, is more effective than treating cyber as a uniform compliance exercise.

The WEF report is well worth a read. But the practical takeaway for directors is closer to home: do you understand the cyber capability of the organisations your business depends on?