“Controlling what you can’t ensure and insuring what you can’t control.”
Executives from across industries joined andersenIT, Arctic Wolf, and SherpaTech at The Brisbane Club for a focused conversation on how leadership, governance, and security now intersect.
Our Cyber Risk Briefing – Security + Insurance explored what every organisation must balance today, including protection, accountability, and assurance, and how aligning these areas strengthens business resilience.
In today’s environment, risk visibility and response speed define resilience. The focus has shifted from preventing every breach to demonstrating control, accountability, and readiness when incidents occur.
This change has transformed cybersecurity from a technical function into a wider governance issue.
New threat landscape, measuring resilience alongside defense

Arctic Wolf’s Steve Hunter provided the latest insights on the dominance of email compromise and identity fraud across Australian breach incidents, a reminder that many breaches can begin with ordinary human or process gaps and not always advanced exploits. However, the defining challenge is time.
Attackers can now map an organisation’s environment within hours by using automation to locate valuable data and prepare multiple paths for disruption. This level of speed means resilience needs to be monitored continuously through frameworks and managed detection and response (MDR) that provide consistent visibility for decision-makers.
For executives, the reality of how quickly attackers can act reinforces that investment in MDR and 24/7 monitoring is a governance measure, demonstrating oversight, accountability, and alignment with insurer expectations for operational maturity.

SherpaTech’s Tim Stephinson unpacked the evolution of cyber insurance and its growing intersection with governance. His core message is that insurers now assess how an incident is managed, not just whether it occurs.
Early engagement with insurers, even after a contained or mitigated event, signals strength. It shows that controls were active, roles were defined, and communication pathways worked as intended, all key indicators of governance maturity.
Insurance outcomes have become a real-time reflection of how effectively organisations translate policy into practice. As risk complexity grows, understanding what your policy truly covers, particularly around AI-driven processes and third-party data, has become essential. These nuances vary across insurers, but transparency and governance determine insurability.

Mark Andersen, andersenIT, emphasised that effective governance begins with choosing frameworks that align with the organisation’s structure, regulatory context, and maturity goals.
For businesses already aligned with ISO 9001, ISO 27001 represents a logical evolution. It builds an auditable, scalable foundation for information security management while keeping processes proportional to existing capability.
For organisations seeking measurable, operational uplift without formal certification, the ACSC Essential Eight provides a practical baseline to build and demonstrate maturity.
Both frameworks share a common outcome. They translate good governance into evidence that underpins insurer trust, board assurance, and client confidence. As emerging technologies like AI reshape control boundaries, these frameworks offer the structure needed to adapt policies, systems, and accountability models in step with change.
Across all three perspectives, the discussion concluded that cyber resilience is an ecosystem.
For executives, this alignment is the next frontier of maturity. It’s how organisations will prove to regulators, insurers, and stakeholders that risk is being managed not reactively, but systematically.
As the regulatory landscape tightens and insurers raise their expectations, governance will continue to expand beyond compliance. It will define how organisations integrate AI ethics, vendor oversight, and operational assurance into a single, transparent system of control.
andersenIT works with executive teams to establish that foundation, helping businesses embed frameworks like ISO 27001 and the ACSC Essential Eight into their operations, strengthen governance reporting, and align resilience with insurer expectations.
The outcome is confidence.
When risk arises, your business can demonstrate structure, control, and readiness at every level.