“Recent events have thrust the topics of cyber and infrastructure security risk management into the limelight. Indeed, when these are paired with the recent changes to SoCI (Security of Critical Infrastructure) legislation across a number of jurisdictions, we can see a significant increase in interest in all things cyber and infrastructure by both service providers and end-users alike. Reflecting this, the 2nd Edition is a collection of articles and opinion pieces on matters relating to cyber and infrastructure security risk management in particular, and has been timed to coincide with the Cyber & Infrastructure Security (CIS) Conference 2023 held in Sydney, Australia, and streamed globally. Interestingly, however, when reviewing the articles, it became clear that discussing risk management within what is a highly technical field, involves the discussion of a wide range of issues, a significant portion of which would be classed as non-technical in nature – that is, not relating to the technology itself, but rather the way in which the same is to be actively managed.
Following this rationale, it can be confidently said that the industry is acknowledging the need for risk leadership, and not “just” risk management, when it comes to cyber and infrastructure security risk.
In this sense, there is a need for cultural and procedural change and not just technical development. Equally, the call for a truly integrated approach has never been louder, nor more important. Rapid technological change is here to stay, and with that comes a range of opportunities to be explored, and potential exposures to be managed. As a result, as risk leaders we must choose whether we are to be proactive or reactive as we continue to move forward.”
Dr Paul Johnston FARPI FISRM ChFInstP RPP, Journal Editor