Sep 22 2025

Qantas just showed us that cyber-attacks don’t just hit customers—they can hit the CEO’s bonus

Category: Cyber Attack, Information Security | disc7 @ 10:15 am

Hackers breached a third-party contact center platform, stealing data from 6M customers. No credit cards or passwords were exposed, but the board still cut senior leader bonuses by 15%. The CEO alone lost A$250,000.

This isn’t just an airline problem. It’s a wake-up call: boards are now holding executives financially accountable for cyber failures.

Key lessons for leaders:
🔹 Harden your help desk – add multi-step verification, ban one-step resets.
🔹 Do a vendor “containment sweep” – limit what customer data sits in third-party tools.
🔹 Prep customer comms kits – be ready to notify with clarity and speed.
🔹 Minimize sensitive data – don’t let vendors store more than they need.
🔹 Enforce strong controls – MFA, device trust checks, and callback verification.
🔹 Report to the board – show vendor exposure, tabletop results, and timelines.

My take: Boards are done treating cybersecurity as “someone else’s problem.” Linking executive pay to cyber resilience is the fastest way to drive accountability. If you’re an executive, assume vendor platforms are your systems—because when they fail, you’re the one explaining it to customers and shareholders.

Qantas executives punished for major cyber attack with cut to bonuses as Alan Joyce pockets another $3.8m


Tags: CEO bonus, Qantas