Cyber-risk an every-day reality, warns ASX report


Tactical cyber-security and planning is taking a front seat across industry and government, against a backdrop of growing threats, according to a recent ASX report.

Cyber-security remains a top boardroom challenge for organisations – with proactive planning and risk management being catapulted to the top of the boardroom agenda. 

A recent “ASX 100 Cyber Health Check” report has confirmed that the industry and government are taking action to strengthen the resilience to cyber-attacks.

A broader alliance of industry, government and regulators highlighted the critical importance of strong national cyber-security planning. This planning was reinforced by the The “ASX 100 Cyber Health Check.”

This ASX report, and its findings, had incorporated the Australian government’s high-profile Cyber Security Strategy. This strategy encouraged government, regulators and businesses to collaborate on tackling cyber risk.

The cyber view from the boardroom reinforced trends the online economy was growing at twice the speed of the rest of the global economy. To harness its benefits, organisations needed to effectively manage their exposure to risk.

Among the trends, it was increasingly common for boards to rank cyber-risk as a key strategic issue. This required their focus, as well as leadership and governance.

“Cyber-risk is now an everyday reality,’” the ASX report said. “Every organisation faces a daily barrage of malicious cyber-activity. The vast majority are unsophisticated and unsuccessful.

“But the potential for a cyber-incident to cause major reputational and financial damage means that boards and management teams are spending more time and resources on developing their understanding and addressing cyber risks.”

The “ASX 100 Cyber Health Check” was the first attempt to gauge how the boards of Australia’s largest publicly listed companies viewed and managed their exposure to the rapidly-evolving cyber world.

The extent of cyber-risk management varied broadly across companies. However, this was marked by a high level of risk-awareness at the top levels of corporate Australia and a commitment to taking further action.

Despite significant progress, there were gaps when it came to building organisational preparedness and resilience. Among the trends, cyber-security was a major and growing risk. Tackling this challenge involved a culture of collaboration.

Many organisations had allocated a cyber-security budget. This, however, was still included in the overall IT budget rather than being standalone.

Organisations had a clear understanding of their disclosure requirements. This was especially important given Australia’s recently-enacted data breach notification regulations.

For most organisations, cyber-awareness training programs were a fairly recent practice. This was against a back-drop of cyber-attack attempts that were on the rise in the last 12 months.

Organisations remained unclear about how they would communicate a confidential data breach. “It appears that more needs to be done around detecting and responding to cyber intrusions given the majority response of only ‘somewhat’ confident,” the ASX report noted.