The Optus Cyber-breach has been a significant wake-up call to the Board of Directors about the information we keep on our databases. There will be sweeping changes to legislation as a result of this breach, and organisations will be much more careful going forward as there will be an increase in fines and penalties for Board members if you get this aspect of your risk management framework wrong. Cyber-security breaches are a reality of doing business. However, taking appropriate steps to safeguard personal identifying data is critical and a core responsibility of the Board.