An Interview with Stuart Harrison, Chief Information Security Officer, Medibank

"Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier."

FST Media: You recently headed the revamp of Medibank’s cybersecurity strategy, which promoted a more data-centric security capability. In an increasingly multi-pronged threat environment, how will this strategy bolster Medibank’s cyber resilience?

Harrison: Our aim is to design controls commensurate with the sensitivity of the data itself and ones that ‘follow’ the data throughout its lifecycle. Effectively, this means that – by default – we simultaneously guard critical data at rest and in-transit across a multitude of IT environments, for example, on-premises, cloud, and hybrid.

FST Media: What do you rate as the most pressing security threat unique to health insurers today? Is the industry adequately prepared to address this threat?

Harrison: Given the sensitive nature of information insurers often hold, the highest threat is the potential compromise of someone’s privacy.

As far as industry preparedness is concerned, the answer is: “it depends”…

FST Media: Given the financial services industry’s growing concerns around supply chain attacks, how can organisations better address blind spots to mitigate third-party risks?

Harrison: Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier. Have a clear definition of what ‘good’ looks like and how you can measure improvement over time effectively, i.e. govern in-line with your risk appetite, which should be based on the sensitivity of the data you are entrusting to each supplier.

FST Media: Within the next 18 months, what emerging technology would you like to see play a more prominent role in Australian FSIs’ information security management systems?

Harrison: Machine Learning, coupled with a substantial focus on orchestration and automation, to really drive speed, quality and integrity, as well as resilience and workforce-scalability in every aspect of security.

FST Media: Cybersecurity is an ever-evolving discipline with persistent, often inscrutable threats. What, then, do you feel are the hallmarks of the best cybersecurity leaders?

Harrison: Honesty, integrity, humility, bravery, curiosity, intellect, determination, confidence, and empathy.

FST Media: On a more personal note, what is the best career advice you have received and how have you put it into practice?

Harrison: A quote from Nelson Mandela: “I never lose. I win, or I learn”.  This advice, along with my upbringing, helped me become adaptable and determined enough to overcome [extremely] difficult times, both personally and professionally.


Stuart Harrison will be a featured keynote speaker at the Future of Security, Sydney (2 April) and Melbourne (4 April), 2019. Register now to secure your spot!


Related Stories

An Interview with Fiona Macgregor, Chief Information & Innovation Officer, TAL
FST Media: TAL has long been recognised for its ambitious, human-centred innovation program. Tell... Read More
An Interview with Carolyn De Gois, Special Advisor, Office of One VPS
FST Government: One VPS is unique among the states, established as a dedicated team to foster and... Read More
An Interview with Dr Rachna Gandhi, Executive General Manager Customer, Digital & Partners, Suncorp Group
FST Media: How do you see today’s leading-edge digital innovations shaping the insurance industry... Read More
An Interview with Brendan Mills, Chief Information Officer, nib Group
FST Media: Since you last spoke with FST Media back in 2015, nib's digital innovation program has... Read More