PricewaterhouseCoopers’ (PwC) 2023 Global Digital Trust Insights Survey has revealed the attitudes and practices of many Australian businesses when it comes to cyber.
Having surveyed 3,500 global and Australian chief executive officers and other C-suite executives, PwC’s report has highlighted how, despite recent breaches showing that the cyber security of Australians is not as infallible as previously believed, 90 per cent of Australian respondents believe reporting such breaches is a risk that could lead to a loss of competitive advantage, as opposed to 70 per cent globally.
Concerningly, 81 per cent of surveyed Australians felt new requirements for mandatory disclosure of cyber incidents to investors or national cyber authorities would discourage them from sharing information with law enforcement agencies, compared with 64 per cent globally.
Rob Di Pietro, PwC Australia cyber security and digital trust leader, said relevant stakeholders yearn for more information about how companies manage their cyber exposure risk, specifically regulators, who want “visibility into cyber practices because they want to protect citizens from fraud and loss of privacy, help investors make better decisions, and prevent industry or system-wide disruptions”.
He outlined how “cyber security should be seen as a team sport — it should not be siloed within departments or organisations”.
“Cyber security uplift must be expressed as an opportunity, not a burden, and ultimately a vehicle to help organisations achieve their goals,” Mr Di Pietro said.
He did note that while Australian businesses are becoming increasingly adept at using data to better understand their customers’ needs and wants and delivering on this, more can be done “to capture lasting value from this transformation”.
The survey found that Australian organisations are increasingly more reactive than their global counterparts, with 63 per cent claiming they invoke cyber security plans after the fact, as opposed to 53 per cent of international corporations, which report taking an anticipatory and preventative approach.
When it comes to managing cyber incidents, 89 per cent of Australian companies agreed mandatory disclosures of cyber incidents requiring comparable and consistent formats were necessary to gain stakeholder trust. Additionally, 90 per cent of companies expressed their expectation for the government to develop cyber techniques for the private sector based on the knowledge garnered from mandatory disclosure of cyber incidents.
“Data is valuable to organisations and cyber criminals alike — some have called it the ‘new oil’,” Mr Di Pietro said.
“Customers expect that their data is effectively protected and, when it is no longer required, is not retained. Business must be alive to this trend, which will only become more important in Australia as changes to the Privacy Act are implemented.”
He stressed that “customer consent and privacy must be taken seriously”.
The good news for consumers is that 60 per cent of Australian organisations will increase their cyber budget for 2023.
As for where priorities lie with regard to communicating breaches, the top three priority stakeholders listed by Australian businesses were CEOs, regulators for consumer protection, and value chain participants. Interestingly for Mr Di Pietro, boards ranked fifth, compared to first globally.
“This result is surprising given the key role boards must play in setting the cyber agenda, as well as the increasing responsibility Australian directors bear under regulation in relation to cyber posture.
“Therefore, it is advisable Australia’s C-suite engage better with their boards, and make this engagement a priority,” he said.
Mr Di Pietro acknowledged that cyber security does present significant challenges for Australian businesses; however, with that comes great opportunity. Building trust with customers, communities, and shareholders is pivotal to harnessing the potential presented by digital transformation. Such a culture must be driven from the top down.
He explained that the report “shows Australia’s C-suite is on the right track, but there is still a lot of work to do. And this work will inevitably be occurring against the backdrop of an evolving regulatory landscape, new and sophisticated threat vectors, and budgetary constraints.”
Mr Di Pietro concluded that “the key takeaway for our nation’s C-suite when it comes to cyber must be to work smarter and hit the message home hard”.