Australian cyber security programs are dangerously centralised as security leaders struggle to collaborate with their c-suite peers, according to research from Accenture. Nearly half of CISOs surveyed acknowledge that their responsibilities for securing the organisation are growing faster than their ability to address security issues, according to the report.
The findings come from the Accenture study, Securing the Future Enterprise Today – 2018, which surveyed nearly 1500 executives from companies with annual revenues greater than $1 billion from 16 countries, including Australia.
The study concluded a new approach is needed to guard against new security threats like AI and rising data sharing.
While most companies have a CISO or have assigned cybersecurity to a c-suite executive, such as a CIO, these leaders often have limited influence on cybersecurity strategy outside their departments.
73 per cent of the Australian c-level executives polled agreed that cybersecurity staff and activities need to be dispersed and executed throughout all parts of the organisation, but cybersecurity remains centralised in 82 per cent of companies.
Moreover, there is little indication that c-suite executives expect to shift more responsibility for cybersecurity to business units. For example, 21 per cent of respondents say business unit leaders are accountable for cybersecurity today and 33 per cent believe business unit leaders should be responsible in the future.
“There is no doubt that organisations are taking cybersecurity more seriously, however, there is still much work to be done. Cybersecurity strategy needs to be led by the board, executed by the c-suite and owned at the front lines of the organisation. Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees,” said Joseph Failla, Accenture’s Security Lead for Australia and New Zealand.
“To be able to grow confidently, companies can establish sustained cyber resilience through a continual, proactive focus on cyber risk management at all levels.”
Better Alignment Needed on Strategy and Protection Practices
The study exposed a disparity between what Australian c-suite executives say are the emerging areas of concern and the cybersecurity strategies employed for protection. For example, companies are still doing little to spread security knowledge among employees and very few CISOs have the authority to influence business units across their organisations.
- 60 per cent of respondents said all employees receive cybersecurity training upon joining the organisation and have regular awareness training throughout employment.
- Surprisingly, only 40 per cent of CISOs said establishing or expanding an insider threat program is a high priority.
- Just 40 per cent of CISOs said they always confer with business-unit leaders to understand the business before proposing the latest cybersecurity technologies.
Top Cyber Risks: New Technologies and Data Sharing
Australian c-suite executives view several types of new technologies and tools as raising cyber risk for their companies and they’re highly concerned about the potential dangers of sharing data with third parties.
- Artificial intelligence technology topped the list with 86 per cent of respondents saying that it will increase cyber risk moderately or significantly.
- 74 per cent of respondents said mobile computing will raise cyber risk moderately or significantly.
- 86 per cent of respondents say the amount of sensitive or confidential data exchanged will increase over the next three years, yet only 41 per cent said that the data exchanged is adequately protected by their cybersecurity strategy.