Services
Industries
Approach
Resources
About
Client Portal
SPEAK WITH AN EXPERT
search
menu close
  • Back
    • Type to search
IT security & compliance

Home Back to Insights 
daniel dsouza
Daniel D'Souza
Head of Information Security Solutions, Canon Business Services ANZ

Daniel D'Souza is a highly accomplished Information Security professional with a wealth of experience spanning over a decade. His professional journey has covered multiple market sectors including finance, insurance, technology, education, and consulting. The latest of which led him to join the dynamic team at Satalyst, a Canon Business Services Australia company, as an Information Security Manager. In this role, Daniel was instrumental in helping customers safeguard their digital assets, protect their data, and mature their Information Security control environment. 

In recognition of his expertise Daniel was then transitioned into a pivotal secondment as the Manager of IT Governance, Risk & Compliance within Canon Business Services. Daniel's scrupulous oversight in ensuring key security audits and assessments were delivered has not only strengthened the implementation of CBS’ governance framework, but also substantiated a robust security infrastructure, both for CBS and its customers. 

Currently serving as the Head of Information Security Solutions at CBS, Daniel’s insightful approach to cybersecurity leadership plays a key role in ensuring CBS customers leverage the latest in Information Security technology and services. In this role he brings together strategic vision and a team of highly skilled cyber security professionals with vast real-world experience in reducing business risk through cyber resilience. 


As cyber threats evolve at breakneck speed, Australian organisations must recognise that fostering a healthy cybersecurity culture isn’t just an IT concern but a strategic imperative permeating every business level.

But how do we cultivate a cybersecurity culture that’s both effective and embraced by all levels of an organisation?

Traditional approaches to cybersecurity are no longer sufficient. To stay ahead of threats, organisations need to adopt innovative strategies that engage employees, leverage technology, and embed security into the very fabric of their operations.

The Australian cybersecurity landscape

Australia has witnessed a significant rise in cyber incidents over recent years. According to the latest Australian Signals Directorate (ASD) Cyber Threat Report, there was a 23% increase in cybercrime reports in 2022–23, with one incident reported every six minutes.

The financial implications are substantial, but the damage to brand reputation and customer trust can be even more devastating. So, how can Australian organisations foster a cybersecurity culture that not only defends against these threats but also turns security into a competitive advantage?

Let’s delve into the key elements of a robust cybersecurity culture and look at some innovative approaches that go beyond the conventional wisdom.

Leadership: The north star of cybersecurity

Leaders don’t just sit in corner offices¾they exist at every level. Frontline leaders play a pivotal role in providing upward visibility. They’re the eyes and ears on the ground, relaying critical information that might otherwise slip through the cracks.

While top-level commitment is crucial, fostering a culture of security requires empowering individuals at all levels to become cyber champions.

Understanding the human element is key to changing behaviours that pose security risks. Leaders can employ principles from behavioural psychology to design interventions that encourage secure practices.

Asking the right questions

Top-tier leaders need to ask more than just, “Are we secure?” This question by itself isn’t contextual, so we need to dig deeper.

Instead, ask: What are our current threats? How prepared are we to handle them? Decisions should be grounded in facts, not gut feelings.

Justifying actions and driving change

When decisions are made, they must be justifiable. Transparency isn’t just a buzzword. It’s a necessity. If a culture shift is needed, leaders must champion the change. Leadership sets the tone - when executives prioritise cybersecurity in their actions and communications, it signals its importance to the entire organisation.

Actionable steps
  • Identify enthusiastic employees in various departments and provide them with advanced training. These cyber champions can advocate for security best practices within their teams, creating a network of informed influencers.
  • Implement ‘nudge’ techniques - small design changes that can influence behaviour in predictable ways. For example, enforcing multi-factor authentication as a default option or including cybersecurity training scores in KPIs.
  • Regularly share insights about cybersecurity challenges and initiatives during company-wide meetings. Transparency builds trust and underscores the shared responsibility for security.

Get in touch

Talk to us today to optimise your operations.

Contact Us

Understanding context and risk appetite

Are you following “best practices” because you clearly understand why they are best for you or because everyone else is doing it? Tailoring your cybersecurity measures to fit your organisation’s unique context will help you get the most out of your cybersecurity program.

Knowing your industry’s risks

Every industry has its challenges, and every organisation has unique risks based on its size and operational model. Whether you’re in finance, healthcare, or retail, understanding industry-specific risks is crucial. Blindly adopting generic best practices can lead to gaps in security or inefficient use of resources.

Your organisation’s risk appetite—the level of risk it’s willing to accept—should guide your cybersecurity strategy. This requires honest conversations about potential trade-offs between security measures and business agility.

Aligning cybersecurity with business goals

Cybersecurity should be viewed not as a cost centre but as an enabler of business objectives.

What are you aiming to protect? Is it your brand’s reputation, customer data, or perhaps avoiding legal pitfalls? Cybersecurity investments should solve real business problems. And have you communicated these priorities to your employees?

Actionable steps
  • Conduct a thorough risk assessment that considers industry-specific threats. For instance, are you aware of what data cybercriminals target for your industry? What controls are you lacking based on recent attack trends? Do you know where security funding needs to be allocated? What was the basis of these decisions?
  • Facilitate workshops with key stakeholders to define risk appetite. Ensure that this information is communicated clearly across the organisation so that all employees understand the boundaries within which they operate.
  • Map out how cybersecurity initiatives support business goals such as customer trust, operational efficiency, and regulatory compliance. For example, robust security measures can be a selling point to clients concerned about data protection.

Ownership: Accountability at every level

Ultimate ownership of your security program may rest with the board or the C-suite, but cybersecurity is a team sport. Each employee has a role to play. Making accountability felt at all levels of the organisation will get buy-in and help you reach your program goals quicker.

Clearly define roles and responsibilities

Ambiguity breeds inaction. Organisations can ensure that nothing falls through the cracks by clearly defining who is responsible for what and how success is measured.


Integrating security into performance metrics

When employees know cybersecurity is part of their performance evaluation, they’re more likely to take it seriously.


Fostering a culture of accountability

Creating a sense of ownership involves more than assigning tasks—it’s about building a culture where employees feel personally invested in security outcomes.


Actionable steps
  • Develop a RACI matrix (Responsible, Accountable, Consulted, Informed) for cybersecurity tasks. This tool clarifies each person’s role in security processes, from the executive level to individual contributors.
  • Incorporate security-related objectives into job descriptions and performance reviews. This could include metrics like participation in training sessions or structured programs for improving security awareness.
  • Share stories of how individual actions have positively impacted the organisation’s security posture. Recognition programs can highlight employees who demonstrate exemplary security practices.

Collective problem solving: Two heads are better than one

Cybersecurity gaps aren’t chasms to be feared but bridges to be built. Encouraging collaboration across departments can unearth solutions you might have overlooked. Remember, everyone brings a different perspective to the table.

Feeding information upwards

Open communication channels ensure that vital information reaches decision-makers promptly. This collective intelligence enables management to make informed choices aligned with the organisation’s risk appetite.


Encouraging cross-functional collaboration

Cybersecurity isn’t solely an IT issue; it intersects with all areas of your business. Encourage cross-functional collaboration wherever possible¾and don’t forget to crowdsource solutions from within, as employees can often have valuable insights into potential vulnerabilities and solutions.


You can also learn from external partners and industries¾sometimes, the best ideas come from outside your industry.

Actionable steps
  • Establish cross-functional teams to tackle cybersecurity challenges. These teams can include members from IT, HR, legal, finance, and operations, ensuring diverse perspectives and expertise.
  • Create an internal platform where employees can submit ideas or report concerns anonymously. Consider implementing a ‘bug bounty’ program that rewards employees for identifying security flaws.
  • Participate in industry forums and cybersecurity consortiums. Provide opportunities to attend cybersecurity conferences or bring in a specialist to consult with your security team to benefit from an outsider's view.

Skin in the game: Experiencing the consequences

It’s one thing to tell employees about potential cyber threats. It’s another to let them experience it firsthand. Workshops, simulations, and scenario testing can put your team through the wringer now, so they’re prepared for real challenges later. Think of it as a fire drill for cyber incidents. By exposing your workforce to simulated attacks, you build resilience.


Encouraging open dialogue: No question too small

Cybersecurity can be intimidating, but it doesn’t have to be. Encouraging questions and providing accessible resources demystifies the topic. After all, the only silly question is the one that isn’t asked.

Cultivating a no-blame culture around cybersecurity is crucial. Fear of punishment can deter employees from reporting mistakes or potential issues. Create an environment where employees feel comfortable speaking up¾if someone notices a phishing email or a suspicious link, they should report it without hesitation. Open lines of communication allow you to address concerns promptly.

Actionable steps
  • Establish policies that focus on learning and improvement rather than assigning blame when incidents occur. Encourage transparency and honest communication.
  • Host regular town halls or virtual meetings where employees can ask questions about cybersecurity. Bring in experts to discuss emerging threats and trends.

Rewards, results, and visibility: The triple R of cyber success

Open tracking and transparency

Visibility of your progress isn’t just for the boardroom. Transparency about your organisation’s security posture fosters trust and collective responsibility. Sharing milestones and setbacks with your workforce fosters a collective sense of purpose.

Taking everyone on the journey

Celebrate the wins, no matter how small. Positive reinforcement encourages ongoing engagement. Acknowledging these achievements motivates everyone, whether it’s a successful phishing awareness campaign or meeting compliance standards.

The never-ending cycle

Cybersecurity isn’t a set-and-forget endeavour. It’s a continuous loop of assessment, implementation, and improvement. Embrace a growth mindset¾cybersecurity is an ever-evolving field, and complacency is the enemy.

Actionable steps
  • Publish internal reports on security metrics, incidents, and resolutions. Highlight what you learned and how processes will improve moving forward.
  • Implement recognition programs that reward employees for contributing to cybersecurity efforts. This could include bonuses, public acknowledgment, or other incentives.
  • Encourage continuous learning and adaptation. Provide opportunities for professional development and stay abreast of the latest technologies and threats.

Building a culture that stands the test of time

Fostering a healthy cybersecurity culture is a multifaceted endeavour that extends beyond implementing the latest technologies or enforcing strict policies. It’s about people—engaging them, empowering them, and making them active participants in your organisation’s security journey.

By adopting innovative strategies such as empowering cyber champions, leveraging AI for personalised training, and fostering open dialogue, we can build a resilient cybersecurity culture that protects against current threats and can adapt to future challenges.

The road ahead may be complex, but with leadership commitment, employee engagement, and a willingness to embrace new approaches, organisations can turn cybersecurity from a daunting challenge into a strategic asset.

“Remember, a healthy cybersecurity culture is an ongoing commitment—a marathon, not a sprint. It requires effort from all levels of an organisation, from the mailroom to the boardroom.”

Daniel D’Souza, Head of Information Security Solutions at Canon Business Services ANZ


Cybersecurity is no longer just an IT department headache—it’s everyone’s responsibility. You’re not just building a defence mechanism by embracing leadership roles, understanding your unique context, fostering ownership, encouraging collaboration, and maintaining transparency. You’re cultivating a more resilient organisational culture.

So, the next time you consider your company’s cybersecurity posture, ask yourself: Are we merely ticking boxes, or are we truly embedding cybersecurity into our organisational DNA?

Related Services

IT SECURITY AND COMPLIANCE CYBERSECURITY ASSESSMENTS Cloud Security Assessment Essential 8 Security Assessment Cybersecurity Uplift data sheet Compliance and security uplift for Government

Trending Stories

Fostering a healthy cybersecurity culture Digital transformation in different industries MSP vs MSSP

Similar Articles

VIEW ALL
alt-description
Data Analytics Microsoft Business Modernisation Business process automation IT security & compliance Cybersecurity Assessments Cybersecurity Uplift

What is Security Automation?
Learn how automated security transforms cybersecurity, making it simpler and more efficient. Protect your business data with CBS Australia's expert insights now!
alt-description
IT security & compliance Cybersecurity Uplift Cybersecurity Assessments

What are the benefits of penetration testing?
Gain confidence in your digital security with the benefits of penetration testing. Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS Australia's expert insights now!
alt-description
Cybersecurity Assessments Cybersecurity Uplift IT security & compliance

Cybersecurity Threat Detection: Proactive strategies
Stay ahead in cybersecurity with our 2024 guide on threat detection. Learn advanced technologies & response plans to protect your business against threats with CBS Australia.
alt-description
Application Modernisation IT managed services IT security & compliance

Digital transformation in different industries

Discover how digital transformation is driving innovation across industries like healthcare, finance, and retail. Learn how AI, IoT, and cloud computing are reshaping business models and enhancing customer experiences.
alt-description
IT security & compliance Cybersecurity Assessments

Ultimate guide to internal penetration testing
This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in Australia.
alt-description
IT security & compliance Cybersecurity Assessments Cybersecurity Uplift

The Threat Intelligence Lifecycle explained
Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in Australia.
alt-description
Cybersecurity Assessments Cybersecurity Uplift IT security & compliance

What are the latest cyber threats and defense strategies?
Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS Australia's expert insights now!
alt-description
IT security & compliance Cybersecurity Assessments

Understanding Blue Teams in cybersecurity
Explore Blue Teams' pivotal role in cybersecurity: their defense strategies, Red Team collaboration, and trends with CBS Australia's expert insights now!
alt-description
IT security & compliance Cybersecurity Uplift

Enhancing incident response with event log tools
Boost incident response with event logging tools. Learn types, setup, and analysis for optimal system performance for your Australian operations.
alt-description
IT security & compliance Microsoft 365 Government Financial Services Microsoft Business Modernisation Application Modernisation

A guide to Microsoft 365 security best practice
Secure Microsoft 365 effectively with best practices. From MFA to Secure Score, fortify your defenses against evolving cyber threats in Australia.
alt-description
IT security & compliance SIEM Compliance & Governance

SIEM alert management strategies
Explore SIEM compliance for strong cybersecurity in Australia. Learn key components, regulatory standards, and implement effective SIEM solutions today!
alt-description
IT security & compliance SIEM

A comprehensive comparison of SIEM and XDR
Explore SIEM and XDR for robust cybersecurity. Learn how they complement each other. Enhance your defense against evolving threats in Australia.