
Why Cyber Security is Actually 80% Governance and 20% IT


With the growing number of attacks in the news, people are starting to take their business’s cyber security more seriously. If it’s on your to-do list, you may be thinking that your first port of call is to upgrade your firewalls, antivirus and a host of other technical measures. Before you get your checkbook out and start racking up the spending, there’s something important that you need to know.

While these features are important aspects of cyber security, they are far from the core component. If you want to take your business’s cyber security seriously, your main priority needs to be governance. Before anything else, your company needs a cohesive plan and a set of policies that provide a logical strategy for defence.

Why Is Governance So Important?

Think of it this way: imagine that your firewall is an actual wall, a big one, 15 feet tall and made of solid concrete. Perhaps it even has barbed wire on top. It should be pretty good at keeping intruders out, right?

Maybe. But what if the employees leave the keys in the lock? Straight away, your 15-foot wall would become useless, because any intruder could simply walk up and turn the door handle to gain access.

This is where governance comes in. To make sure that your employees never leave the keys in the lock, you would make a rule against it. By itself, a rule probably wouldn’t be enough, because people are renowned for breaking them. On top of the rule, you might also introduce an awareness program and regular checks to make sure that employees never leave the keys in the lock.

With this comprehensive set of policies, you could be pretty confident that the keys would no longer be kept in the lock and you could go back to relying on the 15-foot wall to keep you safe.

To bring things out of the metaphor and back to the realm of cyber security, think about your company having a firewall, anti-virus and every protection measure that money can buy. It all goes out the window if your employees keep their passwords taped to their monitors. All an intruder would have to do is look over their shoulder and they would have access to the network.

This is why you need good governance, to make sure that there is a policy in place which ties each of your defence mechanisms together. As part of your policy, you would have explicit guidelines on password management that are strictly enforced, to make sure that employees aren’t leaving their passwords open to the world.

How Does Your Organisation Implement Good Governance?

The first step is to do a thorough risk assessment of your organisation. A professional assessment will map out your company’s key assets, as well as its weaknesses and the main threats that it faces.

Once the risk assessment has been completed, it can be used to build a framework for your cyber security strategy. This will include the appropriate defence mechanisms, as well as an overall policy which ties them together. Ongoing training, penetration testing and auditing will be key components that ensure your company continues to maintain a highly secure environment.

Cyber security governance is complicated and it can be difficult for companies to get their heads around. Thankfully, companies like Gridware are here to guide you every step of the way. Contact our team to get your business on the path to good governance and a more secure workplace.

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

