MailGuard Nov 14, 2025 2:28:17 PM 5 MIN READ

What You Should Know About the Latest AICD & ASD Cyber Guidance for Boards

Across Australia, boards are being urged to step up their cyber oversight. A new report from the Australian Institute of Company Directors (AICD) and the Australian Signals Directorate (ASD) sets out clear expectations for how directors should govern cyber risk, and it reinforces something every MailGuard partner already knows: cyber security is no longer just an IT issue. 

Should boards be worried about cyber security? 

According to the Australian Institute of Company Directors (AICD) and the Australian Signals Directorate (ASD), the answer is a decisive yes.

Australian businesses face a heightened global cyber threat environment, fuelled by geopolitical tensions in the Middle East, Ukraine, and the Indo-Pacific. State-based actors are increasingly pre-positioning for disruption against critical infrastructure and essential services. And at the same time, major data breaches continue to erode trust, impact share prices, and expose weaknesses in governance oversight.

The cost of this risk is rising fast. Espionage alone cost Australia an estimated $12.5 billion in FY23-24, while cybercrime losses continue to climb across every sector and organisation size.

Cyber Governance: The New Director Responsibility

The new Cyber Security Priorities for Boards of Directors 2025–26, jointly published by AICD and ASD, calls for boards to treat cyber risk as a core business issue, not a technical one. It’s not a new message for our readers, but it’s reassuring to hear the sentiment from such highly regarded authorities.

Their guidance outlines clear expectations for how boards should govern cyber resilience, including:

  • Cyber awareness at board level — Directors should understand how cyber threats affect the organisation’s strategy, operations, and reputation.
  • Defined accountability — Cyber security should be embedded in governance frameworks, with clear lines of responsibility across executive and non-executive leadership.
  • Regular risk assessments — Boards should require up-to-date visibility of their organisation’s cyber posture and risk exposure.
  • Incident readiness — Directors must ensure response and recovery plans are tested, rehearsed, and integrated into business continuity planning.
  • Culture of security — Board-level tone-setting remains critical; resilience starts with informed, accountable leadership.

The report’s central message is clear: cyber resilience is business resilience. Boards that view it through that lens will be better equipped to protect shareholder value, customer trust, and operational continuity. It also includes actionable advice for executives, threshold governance questions, and supplementary technical questions to support executives in uncovering the readiness of their organisations.

What This Means for IT Partners and Advisors

For MailGuard partners and resellers, this guidance opens new opportunities for strategic engagement with clients and their leadership teams, at board and executive level.

Many organisations still treat cybersecurity as an IT function. Partners can now position it as a governance and risk management imperative, aligning their conversations with the same priorities directors are hearing from the AICD and ASD.

Here’s how to add value in those discussions:

  1. Frame email security as risk reduction, not technology.
    Email remains the leading entry point for attacks and data breaches. A single phishing incident can trigger regulatory, reputational, and financial fallout, all issues that concern boards directly.
  2. Translate technical controls into business outcomes.
    Boards want to understand exposure and impact in plain terms: downtime, customer trust, continuity, and compliance.
  3. Highlight layered defence as good governance.
    The ASD’s Essential Eight recommends defence-in-depth. Integrating MailGuard solutions with native Microsoft 365 and Google tools helps organisations close one of the most common gaps: fast-moving phishing and malware that bypass baseline filters.
  4. Encourage incident readiness at every level.
    Boards need confidence that staff can detect, report, and respond to threats quickly. Partners can provide support by offering awareness training and threat-simulation exercises.

A Stronger Partnership for a Stronger Australia

The AICD and ASD have made it clear: cyber security must be led from the top. Technology partners are now a critical part of that ecosystem, not just in implementing solutions, but in driving critical conversations and interrogating readiness, to ensure better governance and resilience.

At MailGuard, we’ve long believed that trust is the true currency of modern business. Our mission aligns directly with the intent of this new guidance: helping organisations protect that trust by reducing exposure where it starts, in the inbox.

For partners, this is the moment to bring cyber resilience into client boardroom conversations, and to help clients strengthen the link between leadership, accountability, and protection.

📘 Read the full report: Cyber Security Priorities for Boards of Directors 2025–26 — Australian Institute of Company Directors & Australian Signals Directorate.

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist AI-powered email threat detection solution like MailGuard.

For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, AI-powered zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies your client’s intelligence, knowledge, security and defence.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993
