Despite a recent report claiming that Australian organisations have gained more confidence in addressing certain cybersecurity risks, a newly published report by cybersecurity and compliance company Proofpoint and interdisciplinary research consortium Cybersecurity at MIT Sloan (CAMS) found that only 58% of Australian boards prioritise cybersecurity compared to the global average of 77%.
The report, which surveyed 600 board members across 12 countries, explored boards of directors’ perceptions of their key challenges and risks, particularly the cyber threats and risks boards face, their level of preparedness to address those threats, and their alignment with CISOs.
Among the respondents, only 54% of Australian board members were confident in their board’s understanding of systematic risks from cyber threats – the second lowest among the 12 countries surveyed (the global average is 75%). Meanwhile, 72% said they feel they have made adequate investments in cybersecurity.
The report also found that half of the Australian boards surveyed agreed that organisations must be required to report a material cyberattack to regulators within a reasonable timeframe, the lowest of the 12 countries (the global average is 80%), while 34% disagreed (the highest of all countries). Additionally, 56% of Australian boards said they discuss cybersecurity at least monthly, another low percentage compared to the global average of 76%.
Lucia Milică, vice president and global resident CISO at Proofpoint, advised boards to get on the same page as their CISOs to boost their organisation’s cyber resilience.
“It is encouraging to see that cybersecurity is finally a focus of conversations across boardrooms. However, our report shows that boards still have a long way to go in understanding the threat landscape and preparing their organisations for material cyberattacks,” Milică said. “The board-CISO relationship is instrumental in protecting people and data, and each side must strive toward more effective communication and collaborative effort to ensure organisational success.”
Dr. Keri Pearlson, executive director at CAMS, emphasised that board members play a key role in their organisation’s cybersecurity culture and posture. Therefore, they must understand the cybersecurity threats their organisation faces and their organisation’s strategy to be cyber resilient.
“Board members need to look for ways to make CISOs their strategic partners. With cybersecurity risk front and centre on boardroom agendas, a better alignment of CISOs’ and boards’ cybersecurity priorities will only serve to improve their organisations’ protection and resilience,” Dr. Pearlson added.