Cyber Preparedness and the Foundations of Resilience and Response

Australian businesses are operating in a cyber risk landscape that’s more volatile than ever.

Recent high-profile cyber attacks and data incidents have illustrated the importance of communications preparedness, anticipation, and agility, which allow organisations to respond quickly and effectively to crises.

But where to start? And how can businesses be sure that plans, processes, and procedures are best practice and will stand up under the pressure of a cyber crisis? These are questions that many businesses ask themselves, but often don’t know where to begin.

Australian businesses can look to a global standard that sets out best practice in crisis communications response.

ISO 22361, the International Benchmark

ISO 22361:2022 Security and resilience—Crisis management offers practical and globally recognised guidance to help businesses across Australia prepare for, manage, and recover from disruptive events.

It provides a strategic crisis management blueprint and gives Australian businesses a structured framework for building a crisis management capability that aligns with expectations of stakeholders, regulators, and governments.

From ASX-listed companies to smaller businesses, the standard supports effective leadership and governance under pressure.

Crucially, it also lays out best practice for facilitating timely, effective, and appropriate communication with stakeholders as a crisis unfolds.

Supporting Efficient Communications Decision-Making

During crises, decision-making must be fast and effective, but we have seen numerous examples recently of businesses being criticised for waiting too long to communicate with those impacted, to stakeholders, and to the media.

Stakeholders expect transparency, especially in times of crisis.

Being slow off the mark in this situation can result in a lack of momentum or effectiveness of communication or, worse still, others filling this communication vacuum with information that is, at best, speculation, and at worst, damaging misinformation.

ISO 22361 emphasises proactive communication strategies that can help maintain customer, investor, and employee trust. It supports leaders with guidance on how to manage uncertainty, balance competing interests - such as shareholder vs. community expectations - and avoid paralysis in high-pressure scenarios.

This helps to ensure the right message is delivered to the right audience at the right time, which is critical in Australia’s fast-moving digital landscape where misinformation can spread quickly.

Managing Risk and Meeting Regulatory Requirements

Australian businesses already manage a range of regulatory and operational risks - from reporting obligations to privacy laws – and a cyber incident brings additional regulatory and reporting requirements into play.

ISO 22361 integrates with business continuity, cybersecurity, and emergency management systems, ensuring a consistent and compliant approach across the board.

This is especially important in high-profile, impactful sectors where the potential for Royal Commissions and government inquiries is ever-present.

These inquiries emphasise the lessons that must be learned from crises. ISO 22361 builds this principle into its advice on crisis response, including after-action reviews, simulations, and learning to improve communications preparedness and resilience over time.

The Benefit of Fresh Eyes

In an era where business continuity is threatened from countless sources, cyber preparedness is no longer a ‘nice to have’ for Australian organisations - it’s a strategic necessity.

ISO 22361 sets out a good benchmark for businesses, but in some circumstances, an organisation seeking to improve its crisis and cyber communications preparedness procedures in moments of comparative calm can often find it hard to see the wood for the trees.

An external perspective, backed by the ISO 22361 framework, can help businesses truly assess and test their preparedness.

FTI Consulting’s crisis practice uses ISO 22361 as a benchmark and a guide to equip Australian businesses with the tools, systems, and mindset to respond to crises with confidence, to protect their reputation, and to bounce back and rebuild.

Related Insights

Related Information

Published

July 24, 2025

temp Key Contacts

Ben Hamilton

Senior Managing Director

David Whitely

Managing Director

Most Popular Insights

  1. What Directors Think Report
  2. The Long Game on Tariffs
  3. U.S. Renewable Energy M&A: Review of 2024 and Outlook for 2025
  4. Healthcare M&A for 2025: Key Trends and Strategic Considerations
  5. AI Investment Landscape in 2025: Opportunities in a Volatile Market

Sign up to get access to FTI Consulting Insights

Subscribe