Leadership in an Age of Cyber Risk: Why Security Starts with People 

Cybersecurity is often discussed as a technology problem. Firewalls, software updates and AI tools usually dominate the conversation. But according to AIB graduate and CYBR CEO Jasmin Ilic, the bigger challenge facing organisations is people. 

Speaking at AIBconnect Adelaide, Jasmin shared her insights on helping businesses navigate cyber risk, AI adoption and organisational change. Her message was clear: cybersecurity is no longer just an IT issue. It has become a leadership responsibility that shapes how organisations innovate, communicate and build trust. 

“Cybersecurity is what we do to minimise disruption and impact when bad things happen,” she explained. “But it’s also about giving people and businesses the confidence to embrace what’s next.” 

From psychology to cybersecurity 

Before moving into the technology industry, Jasmin worked in operational leadership and studied psychology, an experience that continues to shape how she approaches cyber risk today. 

Her career transition happened during the COVID-19 pandemic when she left the hospitality industry and moved into technology consulting. What began as an opportunity to build a cybersecurity practice quickly developed into a deeper interest in the relationship between human behaviour and digital risk. 

“What fascinated me most was why we were still having the same conversations,” she said. “We all know we shouldn’t reuse passwords or click suspicious links, but people still do it.” 

That perspective helped Jasmin identify a gap in the industry. While many organisations focused heavily on systems and technical controls, fewer were addressing the behavioural and cultural factors influencing decision-making inside workplaces. 

Two key themes from her journey stood out during the discussion: 

• Technical solutions alone don’t change behaviour – Most employees already know basic cybersecurity advice. The challenge is helping people build safer habits consistently.
• Human behaviour shapes organisational risk – Understanding how people respond to pressure, uncertainty and change is critical when building secure workplaces.

Why leadership matters in cybersecurity

For many organisations, cybersecurity still sits largely within technical teams. Yet as digital tools become embedded across business operations, the impact of cyber risk now extends far beyond IT departments.

Throughout the session, Jasmin encouraged leaders to think differently about security. Rather than viewing it only as protection against threats, she framed cybersecurity as something that enables innovation, resilience and business continuity.

That shift in thinking becomes increasingly important as organisations adopt AI tools and work within more complex digital environments. According to Jasmin, leaders now need to balance innovation with responsibility while helping teams adapt to rapid technological change.

She highlighted several areas leaders should focus on:

• Build understanding, not just awareness – People are more likely to make safer decisions when they understand why security matters and how their actions affect the wider organisation.
• Support teams through change – New systems and technologies require strong communication and change management to succeed.
• Treat cybersecurity as a business-wide responsibility – Cyber risk now affects reputation, customer trust and long-term resilience, making leadership engagement essential.

Why banning AI rarely works 

Artificial intelligence (AI) has rapidly become part of everyday work, regardless of whether organisations officially approve its use. That disconnect between policy and reality was one of the strongest themes to emerge during the discussion. 

Jasmin shared an example from a recent client engagement where leaders believed their organisation was not using AI tools at all. In practice, employees had already developed workarounds using personal devices and external platforms to complete tasks more efficiently. 

“If you don’t give people the tools they need and help them understand the boundaries, they’ll find another way,” she said. “People are resourceful.” 

For Jasmin, this highlights a growing challenge for organisations attempting to block AI use entirely. Restrictive policies can unintentionally push usage underground, creating greater risks through unmanaged and unmonitored behaviour. 

Instead, she encouraged leaders to focus on responsible adoption by creating clear expectations, practical guardrails and open conversations about how AI tools should be used: 

• AI adoption is already happening – Employees may already be experimenting with AI tools independently, even when organisations believe they are not. 
• Visibility matters more than restriction – Leaders need to understand how teams are actually using AI before they can manage risks effectively. 
• Innovation and governance need to work together – Clear guardrails help organisations adopt new technologies confidently rather than slowing progress entirely. 

The human side of cyber risk 

Despite advances in technology, many organisations are still struggling with basic cybersecurity behaviours including password management and multi-factor authentication. The issue, however, is rarely a lack of information. 

“We’ve known for years what people should be doing,” Jasmin said. “The challenge is understanding why behaviour doesn’t change.” 

Her psychology background has shaped the way she approaches this problem. Rather than focusing only on systems and policies, she looks closely at the motivations, habits and decision-making patterns that influence workplace behaviour. 

She also spoke about the role optimism plays in Australian culture and how it can create blind spots around cyber risk. 

 “We are a very optimistic country,” she explained. “That optimism is part of what makes Australia a great place to live, but it can also lead people to think cyber incidents won’t happen to them.” 

 The discussion also reinforced broader leadership lessons. Fear-based messaging rarely changes behaviour long term, with awareness campaigns alone often struggling to create lasting habits or genuine engagement. It also highlighted how strongly workplace culture influences security outcomes, as people are more likely to adopt secure practices when they feel supported rather than blamed. 

Building a secure future 

Alongside her role as CEO and Co-Founder of CYBR, Jasmin is also deeply involved in industry development and community leadership across South Australia. 

She serves as a Chapter Lead for the Australian Women in Security Network (AWSN), supporting initiatives focused on attracting and retaining more women in cybersecurity careers. She also chairs the Adelaide Economic Development Agency (AEDA) Advisory Committee and contributes to programs supporting young professionals and business growth across the state. 

Through CYBR’s social impact model, the business also supports initiatives aimed at improving cybersecurity awareness and accessibility, particularly for smaller organisations that may lack specialist resources. 

Her perspective resonated strongly with attendees, particularly those navigating technological change within their own organisations. 

As businesses continue adapting to AI, automation and evolving digital risks, Jasmin’s message offered an important reminder that leadership remains at the centre of successful change. 

Technology will continue to evolve quickly, but organisations still depend on people to make decisions, build trust and shape culture. 

Thank you to Jasmin for sharing her experience and perspective with the AIB community. Her session sparked thoughtful conversations around leadership, technology and the role people play in building more resilient organisations.