Book Release: The Secure Board


The latest book from award winning author Claire Pales, The Secure Board, hits shelves today and is available for download to help Australian directors have confidence their organisations are cyber safe.

The Secure Board, is the second book from best selling author, Claire Pales and the first for her co-author Anna Leibel. Claire and Anna are the founders of the boutique advisory firm The Secure Board and leading experts in cyber security and technology. They are independent advisors who work with many with boards and committees in both Australia and Asia. Anna is also a current director on the board of Ambulance Victoria.

Globally, cybercrime increased by 600 percent in 2020 according to the United Nations, largely due to COVID-19 changing work practices and rocketing phishing attacks. In 2021, cyber is expected to be a $6 trillion business, more profitable than the illicit drug trade. With an unprecedented acceleration in significant cyber-attacks and IT failures in Australia, some with spectacular consequences for business and governments, The Secure Board is a timely reminder of the responsibilities and liability for board directors.

“Ransomware attacks are having a significant impact on Australian organisations across business, the public service and government.  In June 2020, Prime Minister, The Hon Scott Morrison MP, highlighted Australia was being targeted by major cyber-attacks with a significant level of sophistication and capability. “As we head into 2021, this book is an essential read for all Australian leaders, board members as well as the future pipeline of aspiring board members,” explains co-author Anna Leibel.

Writing in the forward of The Secure BoardDavid Thodey AO, Chair of CSIRO and former CEO of Telstra, says “The threat landscape today is extremely complex and sophisticated. We as leaders must meet that level of sophistication by implementing robust information security initiatives for our own organisations. Businesses have a significant role to play in our nation’s  cyber resilience. It is imperative that executives and boards accept cyber security  as a fundamental issue to their operations, and plan appropriately to mitigate risk.”

This is the second book for Claire Pales, following on from The Secure CIO. Claire explains she wanted to partner with Anna Leibel to fill a crucial gap in the knowledge of board directors when it comes to cyber risk. “Contrary to the popular belief, the security team and the CISO do not own business risks. While boards don’t need to be IT experts, they must understand cyber risk. The Secure Board outlines the critical elements of governing cyber security risks, from strategy and the importance of being prepared, to the role each person in the organisation must play in keeping information safe and secure,” stresses co-author, Claire Pales.

Writing in the introduction, Ken Lay AO APM FAICD, Lieutenant-Governor of Victoria, Board Chairperson and Director stresses that cyber attacks “diminish the confidence of the community in the ability of its agencies to secure some of our most sensitive personal information.  As a consequence, agency brands are harmed, the reputation and competence of boards and management are questioned, and more importantly, the lives of individuals are disrupted and their privacy is sometimes grievously breached.”

In The Secure Board, the authors pose a number of critical questions for boards to test their knowledge and move from cyber being viewed as an IT problem, to a critical business/organisational risk:

  • How has reputational risk been considered in cyber risk appetite, strategy, and/or reporting?
  • Is cyber mentioned in the CEO’s board updates, company briefings and investor briefings? What about progress relating to cyber education and awareness for employees?
  • Is cyber referenced when making business decisions and is it represented in the business strategy and annual report?
  • How is the board, or audit and risk committee, proactively focussed on emerging cyber risks?
  • Where is all our data kept? Which organisations have access to our data? How is this managed and governed?
  •  Is the CEO working with the CISO to understand the importance of cyber across the enterprise?
  • How are our post-incident communications working to protect customer trust?
  • Does executive remuneration include accountability for company-wide cyber risk?

The Secure Board is available from today in all good bookstores and available for online via