According to a newly published global security survey by management firm Accenture of 1460 executives worldwide, including in Australia, 74% of respondents said mobile computing would raise cyber risk moderately or significantly – and artificial intelligence will increase risk by 86%.
The survey also found that:
- Sixty percent of respondents said all employees receive cyber security training upon joining the organisation and have regular awareness training throughout employment.
- Surprisingly, only 40% of CISOs said establishing or expanding an insider threat program is a high priority.
- Just 40% of CISOs said they always confer with business-unit leaders to understand the business before proposing the latest cyber security technologies.
- Eighty-six percent of respondents said the amount of sensitive or confidential data exchanged would increase over the next three years, yet only 41% said that the data exchanged is adequately protected by their cyber security strategy.
Accenture says that while most companies have a chief information security officer or have assigned cyber security to a C-suite executive, such as a chief information officer, these leaders often had “limited influence on cyber security strategy outside their departments”.
Additionally, nearly half of CISOs acknowledge that their responsibilities for securing the organisation are growing faster than their ability to address security issues, Accenture says.
In the Accenture study — “Securing the Future Enterprise Today – 2018” — 73% of the Australian C-level executives polled agreed that cyber security staff and activities need to be dispersed and executed throughout all parts of the organisation, but cyber security remains centralised in 82% of companies.
“Moreover, there is little indication that C-suite executives expect to shift more responsibility for cyber security to business units. For example, 21% of respondents say business unit leaders are accountable for cyber security today and 33% believe business unit leaders should be responsible in the future,” the report notes.
“There is no doubt that organisations are taking cyber security more seriously. However, there is still much work to be done,” said Joseph Failla, Accenture’s Security Lead for Australia and New Zealand.
“Cyber security strategy needs to be led by the board, executed by the c-suite and owned at the front lines of the organisation. Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees.
“To be able to grow confidently, companies can establish sustained cyber resilience through a continual, proactive focus on cyber risk management at all levels.”
Accenture says the study exposed a disparity between what Australian C-suite executives say are the emerging areas of concern and the cyber security strategies employed for protection.
“For example, companies are still doing little to spread security knowledge among employees and very few CISOs have the authority to influence business units across their organisations,” Accenture says.
According to Accenture, Australian C-suite executives view several types of new technologies and tools as raising cyber risk for their companies and “they’re highly concerned about the potential dangers of sharing data with third parties”.
The Accenture study recommends five actions for securing the enterprise in the future:
- Make your business leaders resilience leaders. Security must be in the room when strategy is being decided and options are being weighed to advise on risk mitigations.
- Support the security leader as a trusted business enabler. New roles and skills are needed inside the organisation to implement pervasive cyber resilience.
- Make your workforce part of the solution. Companies must make clear that employees are accountable for security.
- Be an advocate for protecting customers. Go beyond compliance and become advocates for customers when it comes to protecting data.
- Think beyond your enterprise to your ecosystem. Work with these ecosystem partners to jointly protect their organisations.