Cyber Security Governance Principles | Version 2

Cyber threats are a critical risk for organisations of all sizes. With digital driven strategies, evolving regulation, and increasingly sophisticated cybercrime, cyber security remains a top board priority.

Since 2022, the AICD and CSCRC's Cyber Security Governance Principles (Principles) have set the standard for cyber governance in Australia. They offer a framework for better practice, enhanced resilience, and proactive board oversight.

This Version 2 covers emerging issues such as digital supply chain risks, data governance and effective cyber incident response and recovery. The Principles feature case studies from corporate leaders including former Telstra CEO, Andy Penn AO and Ventia Services Group Chair, David Moffatt MAICD, along with insights from recent major cyber security incidents.To support directors, the Principles provide practical tools, including tailored questions, governance red flags, and checklists for NFPs and SMEs, helping boards strengthen cyber resilience, improve risk controls, and oversee supplier relationships effectively.