Australia lags behind the rest of the world in its attitudes towards cyber
The PricewaterhouseCoopers (PwC) Global Digital Trust Insights Survey 2023 revealed the cyber attitudes and practices of many Australian businesses.
After surveying 3,500 global and Australian CEOs and other senior executives, PwC’s report highlighted how, despite recent breaches that Australians’ cybersecurity is not as foolproof as previously believed90% of Australian respondents believe that reporting such breaches is a risk that could lead to loss of competitive advantage, compared to 70% globally.
Regarding, 81% of Australians surveyed felt that new requirements for mandatory disclosure of cyber incidents to investors or national cyber authorities would deter them from sharing information with law enforcement, compared to 64% globally.
Rob Di Pietro, head of cybersecurity and digital trust at PwC Australia, said relevant stakeholders are yearning for more information on how companies manage their cyber exposure risk, especially regulators, who want “visibility into cyber practices because they want to protect citizens from fraud and loss of privacy, help investors make better decisions, and prevent industry or system disruptions.”
He explained how “cybersecurity should be seen as a team sport – it shouldn’t be siloed within departments or organizations.”
“Improving cybersecurity should be expressed as an opportunity, not a burden, and ultimately as a means to help organizations achieve their goals,” Di Pietro said.
He noted that while Australian businesses are increasingly adept at using data to better understand and respond to their customers’ needs and wants, more can be done “to derive lasting value from this transformation”.
The survey found that Australian organizations are increasingly reactive than their global counterparts, with 63% saying they invoke cybersecurity plans after the fact, compared to 53% of global companies, who say they take an approach anticipatory and preventive.
When it comes to cyber incident management, 89% of Australian businesses agreed that mandatory disclosure of cyber incidents requiring comparable and consistent formats was necessary to gain stakeholder trust. Additionally, 90% of companies expressed their expectation that the government will develop cyber techniques for the private sector based on knowledge gained through mandatory cyber incident disclosure.
“Data is valuable to organizations and cybercriminals – some have called it the ‘new oil’,” Di Pietro said.
“Customers expect their data to be effectively protected and, when no longer needed, not retained. Businesses should be aware of this trend, which will only increase in Australia as changes Privacy Act are implemented. »
He stressed that “customer consent and privacy must be taken seriously.”
The good news for consumers is that 60% of Australian organizations will increase their cyber budget for 2023.
In terms of breach communication priorities, the top three priority stakeholders listed by Australian businesses were CEOs, consumer protection regulators and value chain participants. Interestingly for Mr. Di Pietro, the councils ranked fifth, compared to first globally.
“This result is surprising given the key role that boards must play in setting the cyber agenda, as well as the growing liability of Australian directors under cyber posture regulations.
“Therefore, Australian leaders are advised to better engage with their boards and make that engagement a priority,” he said.
Mr. Di Pietro acknowledged that cybersecurity presents significant challenges for Australian businesses; however, with it comes a great opportunity. Building trust with customers, communities and shareholders is key to harnessing the potential presented by digital transformation. Such a culture must be directed from the top down.
He explained that the report “shows that the Australian C-suite is on the right track, but there is still a lot of work to be done. And this work will inevitably occur in the context of an evolving regulatory landscape, new and sophisticated threat vectors, and budgetary constraints.
Mr. Di Pietro concluded that “the key takeaway for our country’s cyber C-suite must be to work smarter and get the message across with force.”