Australian boards lagging behind on cyber – report

Among the respondents, only 54% of Australian board members were confident in their board’s understanding of systematic risks from cyber threats – the second lowest among the 12 countries surveyed (the global average is 75%). Meanwhile, 72% said they feel they have made adequate investments in cybersecurity.

Read more: Employers more confident in addressing cybersecurity challenges

The report also found that half of the Australian boards surveyed agreed that organisations must be required to report a material cyberattack to regulators within a reasonable timeframe, the lowest of 12 countries (the global average is 80%), while 34% disagreed (the highest of all countries). Additionally, 56% of Australian boards said they discuss cybersecurity at least monthly, another low percentage compared to the global average of 76%.

Lucia Milică, vice president and global resident CISO at Proofpoint, advised boards to get on the same page as their CISOs to boost their organisation’s cyber resilience.

“It is encouraging to see that cybersecurity is finally a focus of conversations across boardrooms. However, our report shows that boards still have a long way to go in understanding the threat landscape and preparing their organisations for material cyberattacks,” Milică said. “The board-CISO relationship is instrumental in protecting people and data, and each side must strive toward more effective communication and collaborative effort to ensure organisational success.”

Dr. Keri Pearlson, executive director at CAMS, emphasised that board members play a key role in their organisation’s cybersecurity culture and posture. Therefore, they must understand the cybersecurity threats their organisation faces and their organisation’s strategy to be cyber resilient.

“Board members need to look for ways to make CISOs their strategic partners. With cybersecurity risk front and centre on boardroom agendas, a better alignment of CISOs’ and boards’ cybersecurity priorities will only serve to improve their organisations’ protection and resilience,” Dr. Pearlson added.