Cumulative Effect

For years, cyber security was the ‘poor relation’ in many boardrooms: treated as inferior to other priorities, seen as an irritating cost centre and assumed to be money that could be spent ‘better’ elsewhere. That mindset is rarely the result of a single bad decision. It is inertia, the cumulative effect of multiple factors and, above all, a lack of understanding of how dramatically the landscape has changed over the past 25 years.

This book is written as a practical wake-up call for Board Members and CEOs. It reframes cyber security as a leadership issue rooted in the inherent insecurities of the internet on which modern organisations are built, encouraging leaders to think as if they operate in a high-crime area. It then shows how to translate that mindset into board-level oversight: strengthening domain and subdomain controls and certificate management, expanding organisational KPIs to include correctly chosen cyber measures (such as year-on-year reduction in IT ecosystem complexity) and making explicit decisions about unmanaged devices such as BYOD and home computers.

The book also introduces a ‘cyber security risk-reward’ lens for business cases, reshaping how leaders assess digital transformation, agile delivery, SaaS sprawl and shadow IT. It clarifies shared security responsibility and how to implement and manage it properly, then broadens the conversation to supply chain cyber risks and dependencies across all vendors and service providers, not just IT. It highlights the strategic importance of DNS ownership and management, examines the cyber implications of reliance on ‘digital monopolies’ such as Microsoft or CrowdStrike and makes clear that compliance does not equal security: standards and frameworks may help, but they do not guarantee real security. Finally, it tackles modern boardroom pressure points, including avoiding FOMO-driven decisions, assessing AI adoption through a cyber risk lens and planning for post-quantum cryptography.

Dr Vladas Leonas entered ICT during the mainframe and punched cards era and witnessed first-hand the emergence and proliferation of mini-, micro- and personal computers and networks. Throughout his career, he has worked in multiple public and private sector industries and tertiary education organisations.

He is a Fellow of ACS, a Fellow of IEAust and a formally trained auditor (ISO/IEC 27001). He is also an Adjunct Professor at the Australian Graduate School of Leadership.

Dr Vladas Leonas is a subject matter expert and specialises in ICT Strategies, their Implementation and ICT Operations, Gateway Reviews and Internal Audits, Enterprise Risk Management, Cybersecurity, Governance, Procurement and Compliance. Over the last 25 years, he has held eight CIO and CTO positions.