A new dawn is lighting the divide between the boardroom and IT professionals as perceptions adjust to a "culture of compliance" that coincides with a raft of laws and legislation setting the current business agenda.
Laws are carving out the new landscape in which the boardroom will be held liable for poor IT security practices, including offences under the Commonwealth Criminal Code, where a "corporate culture of non-compliance" is a serious offence.
Freehills corporate technology solicitor Martin McEniery said it is principally a boardroom issue that includes IT. However, McEniery admits IT professionals don't always win when playing the role of educator in the boardroom.
"The board sees IT as relying heavily on the advice of vendors, people who are trying to sell them something so [directors] are sceptical of straight technology solutions," he said.
"But the Attorney General has now weighed into this process so a lack of governance will not be tolerated; recent legislative changes are akin to the introduction of occupational health and safety laws in the past and involve the entire organisation."
Michael Warrilow, Meta Group Asia Pacific senior consultant, said human resources departments need to be trained in compliance and IT needs to address architecture issues, while risk assessment and insurance audits need to be undertaken every six to 12 months.
Warrilow said that in the next 12 months, as the insurance industry introduces more cyber protection products, companies will be forced to be legally and technically compliant.
"It is not a question of lower insurance premiums, it will be a question of whether the organisation gets insurance at all; but lower premiums can be used as a carrot," he said.
This is about directors' liability, which needs the support of IT to ensure that corporate data and company assets are protected. To accommodate the new climate, Meta and Freehills have formed an alliance offering a comprehensive solution that includes legal and technical expertise.
The alliance may be the first of similar partnerships between analysts and legal firms offering their wares in this new corporate environment.