Australia’s Leaders Confident With Cyber Disclosure, But…

How do the nation’s business and industry leaders see the current state of cyber security in Australia? PwC Australia’s 2023 Global Digital Trust Insights Survey answers that question.

 

Comparing 2023 with the current year, 67% saw threats from cyber criminals as significant concerns for their organisations. Hacktivists were of concern to 52% of respondents while insider threats were an expected source among 58%. As you’d expect, threats from competitors were significant at 57% but nation states generated the lowest concern at 29%. These results don’t differ significantly from global results, except for insider and competitor threats.

 

88% of respondents said they’d be able to provide the required information about a significant incident within the time limitations, while 90% indicated that they expect the government to develop techniques for the private sector based on the knowledge base resulting from mandatory disclosures. 28% said their cyber budgets would remain the same, while 25% intended to increase their budgets by 6-10%. In general, 60% of respondents intended to increase their budgets.

 

Notably, more Australian respondents (37%) are concerned about compromised software supply chain issues than respondents globally (26%). Also, a probable lack of faith in governmental institutions resulted in 81% of respondents believing that mandatory disclosure requirements would discourage sharing information with law enforcement. The global level for this concern is 64%.

 

Similarly, 90% of Australian respondents felt that public information sharing and transparency is a risk that could lead to a loss of competitive advantage, compared with 70% globally.

 

The percentages of Australian respondents fearing attacks from most vectors were mildly higher than among global respondents, but significantly higher in a few areas. Only 37% reported taking a preventative approach while 53% of global companies took mitigating steps in anticipation of an incident.

 

CISOs and CIOs retain most key cyber responsibilities but CEOs, CFOs and CDOs were also well represented across all areas. 22% of Australian respondents reported the CEO as bearing this responsibility.

 

The Report calls on Boards to:

 

  • Ensure adequate time is allotted to the CISO and cyber-related matters at meetings;
  • Don’t settle for substandard board reporting – demand meaningful information and the insights required to instil confidence the organisation is managing its cyber risks;
  • Cybersecurity is not an end-state, so monitor how the company is making progress in its cyber posture and ability to defend against emerging threats; and
  • Ask to take part in exercises that help understand the organisation’s cyber resilience.

 

Future-proofing Australian business is important. Over the last year, 82% said that they’d improved operational technology security; 75% had improved collaboration with engineering and other departments; 74% said they’d improved protection against ransomware; 74% had increased the value and efficiency of their cyber resources; and 73% had designed security and privacy into their new products and services.

 

70% of Australian organisations use individual, pre-defined plans and processes designed for responding to specific disruptions after the event. Just 30% promote an integrated and agile operating model that can respond to a diverse set of disruptive events. Australia’s awareness and understanding of broad and simultaneous risks across the entire organisation seems to be a bit higher than global concerns of this nature.