The recent Optus data breach has exposed just how vulnerable our personal information is in the hands of major corporate organisations. It’s naïve to believe that the hacker behind the Optus data breach says it has deleted its only copy of customers' information and it no longer cares about a ransom.
The warning signs that company boards are not well equipped to deal with the risks that come with constantly evolving technology and cyber security risks have been around for some time. Many boards and executive have not yet come to terms with the reality that cybercrime is here to stay and requires significant planning to avoid becoming a victim.
The Governance Institute of Australia recently released the results of a survey that showed an overwhelming majority of respondents believe a company board should be involved in technology and cyber issues — 94 percent.
However, a third of respondents believed their organisation's board lacked the ability to deal competently with these issues — 34 percent and almost half of respondents believed their organisation's management and protection of data was average — 41 percent — or poor — 5 percent.
A recent University of New South Wales analysis of cyber security skills of ASX 100 company directors found that less than one (1) percent have cyber experience, with only 16 percent having technology experience. Even more alarming is that 80 percent of boards have neither cyber nor technology representation.
Boards and executives need to avoid thinking it will never happen to them and take active steps to understand and mitigate the risk of a cyber-attack. Whilst many businesses are only just starting to get on top of life post the pandemic, cyber criminals have been actively refining their skills and working on new more innovative means of attacking organisations.
Apathy towards cyber security is extremely dangerous to a company’s brand and reputation. You only have to look at the Optus experience and the unenviable position of its CEO.
About the Author
Stephen Helberg is an Partner at Alac Partners and Co-Founder of GRCReady.com. Stephen's experience includes extensive board level, executive management and governance experience, nationally and globally across diverse industries, and in top ASX20 organisations.