A cyber security strategy is a comprehensive roadmap outlining how an organisation will manage cyber risks, protect assets, and achieve regulatory compliance. In Australia, an effective cyber security strategy aligns with frameworks such as the ACSC Essential Eight, ISO 27001, and sector-specific regulations including APRA CPS 234 and the SOCI Act. The strategy defines risk appetite, identifies critical assets, prioritises investments, and establishes governance structures for oversight and accountability. It incorporates incident response planning, third-party risk management, and continuous monitoring capabilities. A well-defined cyber security strategy ensures alignment between technical controls and business objectives. By integrating cyber risk into enterprise planning, organisations strengthen resilience, enhance stakeholder trust, and ensure preparedness against emerging threats.