Conclusion: The foreseeability of cyber incidents is widely accepted, but many organisations still have not done the work to identify their own exposures and ascertain what they would do in a crisis. The openness of shipping giant Maersk in talking about the impact of the NotPetya malware on the organisation should be viewed through the lens of “what would that look like if it happened to us?” The business impact of NotPetya on Maersk is clear, but so too are many of the risk mitigations that should be put in place before a cyber incident – and many of these are not directly related to technology. Finally, risk management is just as much about recovering from an incident as trying to prevent one.

Existing Client Login



This advisory paper is only available to IBRS advisory clients. To find out more about becoming an IBRS advisory client complete the attached form and we will be in touch.

Please let us know your name.
Please let us know your email address.
Please enter a valid phone number
Invalid Input
Invalid Input

Read more ...



James Turner

About The Advisor

James Turner

James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor; researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences.