Australian CEOs Struggling to Face Cyber Risk Realities
Tech Republic – Ben Abbott
The lack of engagement among Australian CEOs with cybersecurity matters is concerning, considering the number of high-profile cyberattacks in the region.
The research by Accenture reveals a significant gap in awareness and involvement in cybersecurity at the top levels of leadership.
Here’s a more detailed look at the situation:
– **CEO Engagement**: Only 19% of Australian CEOs reportedly incorporate cybersecurity discussions in board meetings.
Furthermore, 34% view cybersecurity as an “episodic” concern rather than one requiring continuous attention, indicating a lack of recognition of its strategic importance.
– **CISO and CIO Roles**: There is a widespread belief among these CEOs (91%) that cybersecurity is primarily a technical function delegated to CISOs or CIOs.
This mindset suggests a reluctance to take a more hands-on approach to understanding and managing cyber risk as part of their own leadership responsibilities.
– **Understanding of Cyber Threats**: A mere 28% of Australian CEOs feel they have deep knowledge of the cyber threats their organizations face.
Coupled with this is a stark 93% who doubt their companies can effectively prevent or respond to future cyberattacks, reflecting a significant confidence gap.
– **Rising Costs and Panic**: While the cost of data breaches and the threat level continue to rise, CEOs are responding with a noted sense of panic rather than proactive engagement.
However, this fear isn’t translating into action, with some CEOs paralyzed by the complexity of cybersecurity issues.
– **Communication Gap**: The technical nature of cybersecurity and its jargon can be overwhelming for non-technical CEOs, leading to disengagement.
There is an opportunity for IT leaders to bridge this gap by translating cybersecurity language into business terms that emphasize managing risks and costs, as well as reinforcing the impact on brand and regulatory compliance.
Accenture’s Security Director for Australia and New Zealand, Jacqui Kernot, emphasizes the need for CEOs to become more involved and informed about cybersecurity risks.
She suggests several methods to increase cyber risk engagement among CEOs and boards:
1. **Direct Communication**: CISOs should report directly to the CEO so that cybersecurity issues receive the necessary attention.
2. **Best Practice Frameworks**: Use frameworks like NIST or Australia’s Cyber Operational Resilience Intelligence-led exercises to identify and address gaps.
3. **Speak the Language of Business**: IT leaders should convey cybersecurity challenges and solutions in terms that relate to overall business risk and financial impact.
4. **Board Engagement**: Boards of directors are increasingly concerned about cybersecurity, and IT leaders can guide their understanding and response to these risks, especially given the recent regulatory warnings to boards about their accountability.
5. **Cyber Simulations**: Use cybersecurity simulations to drive home the reality of cyber risks and the uncomfortable consequences of being unprepared, encouraging more proactive and engaged decision-making.
In summary, there is a critical need for Australian CEOs to step up their involvement in cybersecurity oversight, breaking through the fear and technical barriers, to protect their organizations more effectively in an increasingly volatile cyber threat landscape.
Link: https://www.techrepublic.com/article/australian-ceos-cybersecurity/