A lack of cyber security regulation combined with the increasing sophistication of AI technology is putting Australian businesses and consumers at significant risk of cyber breaches and attacks. It’s no wonder cyber safety is one of the top issues keeping c-suite executives up at night, says Jacqui Kernot, Security Lead at Accenture ANZ.
Once the “bad guys” of the dark web realise a country has a “bit of a vulnerability” in terms of cyber security and regulation, “it’s game on”, Kernot says. Unfortunately for Australia, where regulations lag years behind those in Europe and the United States, this is the reality facing thousands of businesses and their customers.
“While organisations are taking steps to better align cybersecurity programs with business goals, there is still plenty of room for improvement, with more than 60% of respondents still falling victim to successful breaches coming from outside their organisations,” says Kernot quoting the Accenture State of Cyber Resilience 2023 report.
“Our relative obscurity and lack of regulation has led us to this stage around privacy …we’re almost having this big you know, wake up, [thinking] where are we where are we at? What do we need to do? It’s really clear that from a regulatory landscape, we’ve got a lot of lot to do in a short timeframe,” Kernot says.
Over the past two years, Australia has been plagued by several high-profile cyber-attacks that have left thousands of Australians vulnerable to breaches of their private information. It’s for that reason, and the fact that from a regulatory perspective, Australia is years behind its US and European counterparts in cyber safety, that cyber security is one of the top concerns for leaders today.
Australia is “coming off a low base” when comparing general data protection regulations in Europe, Kernot says. “That caused huge waves and [was] a great bit of legislation around privacy.”
In a recent cyber security conference in Europe, Kernot says industry leaders were talking about how out-of-date GDPR regulations were. Ironically, those “out of date” regulations still offer a lot more protection than what we currently have in Australia, she says. “They were saying ‘GDPR is so old hat, and I was thinking ‘gee, we would love to have GDPR!'”
Cyber strategies offer more than risk management
Kernot says for businesses that link their cyber strategies to business objectives – the benefits are broader than good risk management.
According to Accenture’s new report, Accenture State of Cyber Resilience 2023, companies that align their cybersecurity programs to business objectives are 18% more likely to achieve revenue growth and 26% more likely to lower the cost of cyber breaches.
“The accelerated adoption of digital technologies like generative AI — combined with complex regulations, geopolitical tensions and economic uncertainties — is testing organisations’ approach to managing cyber risk,” Kernot says.
“In this rapidly changing environment, business leaders need to embed cybersecurity into the fabric of their digital core transformation efforts to become business resilient. This is one of the key differentiating traits of cyber transformers, who demonstrate that they are better equipped to drive successful business outcomes.”
Four characteristics that set companies ahead in cyber
- Excel at integrating cybersecurity and risk management. Smart companies integrate a cyber risk-based framework into their enterprise risk management program and have their cybersecurity operations and executive leadership aligned on the strategy.
- Leverage “cybersecurity-as-a-service” to enhance security operations. Companies that excel in cyber are more likely than others to use managed services providers to administer cybersecurity operations.
- A commitment to protecting their ecosystem. Companies that excel in cyber are more likely to take actions like incorporating their ecosystem or supply chain partners into their incident response plan and to require them to meet strict cybersecurity standards.
- Rely heavily on automation. Companies that excel in cyber are more likely to rely heavily on automation for their cybersecurity programs.
The report suggests that organisations that embed three key cybersecurity actions into their digital transformation strategy and apply strong cybersecurity practices across the organisation are nearly six times more likely to experience more effective digital transformations than those that don’t do both.
Three key actions for your business now
- Require cybersecurity controls before all new business services and products are deployed.
- Apply cybersecurity incrementally as each digital transformation milestone is achieved.
- Appoint a cybersecurity representative as part of the core transformation team who orchestrates cybersecurity across all transformation initiatives.
Look back on the week that was with hand-picked articles from Australia and around the world. Sign up to the Forbes Australia newsletter here