Insync and Board Benchmarking, in collaboration with cyber expert Gill Colins, have developed a new (SECURE) framework for Board Cyber Governance Effectiveness.
The framework draws upon Gill’s deep cyber expertise, most notably as leader of Marsh McLennan’s cyber business in the Pacific. It also leverages Insync and Board Benchmarking’s two decades of experience in best board governance practices in Australia and globally.
The escalating frequency and sophistication of cyber threats have elevated cyber risk to a core governance issue. Recent high profile incidents such as Optus, Medibank, Latitude Financial, and Qantas—demonstrate that effective governance of cyber risk is critical and failure to do so can have devastating consequences. Today, cyber is more than a technology problem: it is an enterprise-wide concern requiring proactive, knowledgeable and strategic board leadership.
Yet, many directors acknowledge a lack of confidence in interpreting complex cyber risk reports or challenging management insights. The SECURE Framework bridges this critical knowledge gap by providing a board-first, maturity-based tool to assess, strengthen and benchmark oversight of cyber risk in alignment with strategic governance realities.
What makes SECURE essential for boards?
- Purpose-built for boards: SECURE demystifies cyber oversight, offering a clear structure that empowers directors – regardless of technical background – to evaluate, strengthen and track cyber governance maturity.
- Aligned with regulatory requirements: Direct mapping to global and Australian cyber governance standards and regulations – including NIST CSF2.0, ISO 27001, APRA CPS 234, Cybersecurity Act 2024, SOCI Act, Privacy Act, ASIC and AICD Cyber Governance Principles
- Informs board reporting: This mapping ensures that survey responses can inform board reporting, audit preparation, risk committee reviews, and incident response planning in line with current and emerging requirements.
- Comprehensive coverage: SECURE spans six critical domains of cyber Governance. As well as being a good measurement tool it will also educate, engage and build alignement.
What is SECURE?
S – Strategy and integration
Ensures cyber is embedded in business strategy, risk appetite, and investment planning.
E – Enterprise risk and compliance
Focuses on governance structures, legal obligations, and integration with enterprise-wide risk management.
C – Culture and capability
Evaluates board and workforce cyber literacy, training, and cultural indicators of cyber awareness.
U – Understanding cyber risk
Ensures boards comprehend the threat landscape, asset exposures, and emerging risks, including across digital and third-party ecosystems.
R – Response and resilience
Examines how well-prepared the organisation is to respond to, and recover from, cyber incidents—including crisis simulations and stakeholder communications.
E – Evaluation and metrics
Encourages the use of meaningful indicators to monitor cyber performance and assess board cyber governance effectiveness over time.
Why boards should adopt the SECURE survey
The SECURE survey is more than a compliance checklist. It is a strategic instrument for boards, offering deep insights and actionable benchmarking across key governance domains. Utilising the survey enables boards to:
- Clarify the director’s roles in governing cyber and digital risks
- Uncover strengths and address blind spots in oversight
- Align cyber strategy with organisational vision and goals
- Strengthen readiness, resilience and a cyber aware-culture
- Establish clear accountability to stakeholders and regulators
By deploying the SECURE survey regularly – annually, or after significant events (mergers, systems transformations or cyber incidents), boards can embed cyber risk governance into ongoing effectiveness reviews and risk oversight processes. This demonstrates both leadership and accountability in one of today’s most critical risk areas.
Take the next step
Now, more than ever, boards must lead with confidence in the rapidly evolving cyber landscape. The SECURE Framework and the Board Cyber Governance Effectiveness Survey provide the structure and insights necessary to fulfil your organisation’s duty of care. To integrate SECURE into your board effectiveness reviews, contact our team today.
