Senior decision makers within organisations must accept accountability and assume responsibility for the security protocols put in place to bolster cyber defences, according to Somerville CEO Craig Somerville.
Despite regular media reports of large-scale malicious cyber attacks, many Australian company directors remain oblivious to the steps they should be taking to improve the readiness of their organisations.
Designed to cause disruption or elicit financial gain, the attacks are increasing in both number and sophistication. In reality, it’s a matter of ‘when’ rather than ‘if’ any organisation will become a victim.
The issue was highlighted recently with the release of a discussion paper by the Department of Home Affairs. The paper called for comment on proposed governance standards designed to improve cybersecurity risk management practices in listed companies and other large organisations.
The discussion paper highlighted three key areas of action. These included setting clear expectations of how organisations would manage risks, increasing transparency and disclosure requirements, and protecting consumer rights.
Further action required
While this initiative should be applauded, it unfortunately does not go anywhere near far enough. The discussion paper raises the possibility that any new guidelines would not be mandatory and that compliance would be left up to individual organisations. It also highlights that guidelines would be ‘principles based’ rather than prescriptive.
If Australian organisations and citizens are to be better protected from the serious damage that can be caused by cyber attacks, far more needs to be done. Penalties need to be in place to ensure the issue receives the required level of attention from board members and senior managers and that the required initiatives are undertaken.
To improve the readiness of Australian organisations for cyberattacks and ensure IT infrastructure is robust and secure, a number of key steps are needed. These steps include:
By following these steps, Australian organisations can be much better placed to withstand cybersecurity incidents when they occur. Time spent addressing the challenge today can prevent significant losses and disruption tomorrow.
Craig Somerville is the CEO of security services provider Somerville.