In boardrooms around the country, cyber security has evolved from a technical risk to a business risk with the ability to impact corporate reputation, value and operation availability. The increasing dependence on digital services and databases, combined with the proliferation of Internet of Things technology has Australian CEOs doubling down on cyber security. And with 96 percent of Australian CEOs reporting increasing investment in cutting edge digital solutions, the need for strong cyber-defence will only grow.
Australian top business leaders are stepping up to take more ownership of cyber security as part of their leadership role, according to KPMG’s latest Global CEO Outlook. The research polled nearly 1300 CEOs globally and found 94 percent of Australian CEOs believe mitigating cyber security risks is an embedded part of their role.
Their challenge, is keeping up to date with a fast-changing environment.
Despite the attention being paid to cyber security, the readiness of companies to mitigate attacks is still low. Just 57 percent of CEOs feel fully prepared for a cyber-attack. When it comes to specific type of attacks, Australian and international companies tend to have similar levels of confidence in their defences. Australian CEOs reported the greatest level of readiness for business data theft at 54 percent and the lowest level of readiness for Ransomware and DDOS attacks, both at 31 percent.
Where Australian companies diverge from their international peers is in their perceived readiness for attacks such as Social Media hacking with 52 percent of Australian CEOs fully prepared compared to 42 percent internationally. Conversely, Australia’s 31 percent readiness for a Distributed Denial of Service (DDoS) attacks was significantly lower than the 44 percent of international CEOs who declared their companies to be fully ready.
Australian CEOs face a number of challenges when it comes to increasing their company’s level of readiness. For one, Australia does not have the same supply of cyber experts that many other markets enjoy. 65 percent of Australian CEOs saw human capital as a major challenge for tackling cyber security compared to 47 percent globally. The difficulty in finding qualified and experienced talent to address cyber risks and grasp opportunities is holding back the Australian cyber security sector. If Australia is to overcome this challenge it is important that industry, government an academia work together to foster new talent.
This challenge is compounded in Australia by low awareness of the ROI from cyber defence. 50 percent of Australian CEOs say that companies “need to be smarter” in tracking the impact of cyber security investments. This is higher than the 42 percent reported globally.
While there are challenges for Australian companies looking to strengthen their cyber capabilities, CEOs are alert to the need for greater innovation and are looking to prioritise their investment in cyber.
And, alongside investment in cyber resilience, the question becomes one of how to respond in the case of a breach. The fallout from high profile attacks has brought home to businesses the fact that they need be prepared to respond. It’s a fine balance. Saying too much to the market can impact your reputation, but so does not saying enough.
The changes to the Australian Privacy Act and the mandatory data breach notification laws coming underline the severity of these situations. In many cases, it is not the fine that businesses will be concerned about, it’s the impact that a disclosure of a data breach will have on customer trust.