Although cyber security has featured on board agendas more than ever over the past 24 months, and cyber security budgets are adequate, Proofpoint’s recent Board Perspective Report found that 59 per cent of Australian boards still feel unprepared to cope with a targeted attack.
Recently, the Australian Securities and Investments Commission (ASIC) announced at the AFR Cyber Summit that it will be cracking down on board directors and executives who are ill-prepared for cyber attacks and will be holding them liable for not taking sufficient steps to protect their customers and infrastructure from hackers.
ASIC will now demand that businesses have a thorough risk-management plan in place to avoid significant penalties. Engaging third-party cyber security providers as their only cyber preparedness tactic is not going to get them out of trouble in the wake of a breach either. It’s now apparent, if it wasn’t already, that boards and executives need to be educating themselves on cyber security best practice.
An agile approach to cyber security
Boards are under a lot of pressure to take preventative measures against cyber crime and work more closely with the CIO/CISO/CSO to ensure they integrate security practices throughout the entire life cycle of a business rather than treating security as an afterthought or a once-a-quarter line item on the board’s meeting agenda. As hackers become smarter and businesses continue to transform and evolve, it’s important to continually reassess and enhance the cyber security strategy rather than treating it as set-and-forget.
Having an agile security strategy is imperative to reaching cyber resilience and is a good starting point for organisations as it emphasises flexibility, adaptability and responsiveness in the face of evolving threats and changing business needs. An agile security strategy will keep the focus on continuous monitoring, proactive threat detection, and swift response to security incidents.
Having an agile cyber security strategy in place offers three key benefits that can help boards and executives in their cyber preparedness journey:
1. Increased operational resilience and cost efficiency
By adopting an agile security strategy, organisations can achieve increased operational resilience, allowing them to better withstand and recover faster from security incidents. By implementing proactive security measures, such as continuous monitoring, risk assessment, and threat intelligence, organisations can minimise the impact of cyber threats on their operations. This reduces the likelihood of costly disruptions, downtime, or reputational damage.
An agile security strategy promotes a proactive approach to security that focuses on prevention rather than reactive measures, which is what can get boards and executives out of ASIC’s firing line. If organisations have a strategy in place that allows them to identify and mitigate potential vulnerabilities before they become the weakest links targeted by cyber criminals, companies can save substantial costs associated with incident response, remediation, and legal consequences.
2. Enhanced compliance and accountability
Organisations that implement agile security strategies are in a better position to meet regulatory compliance requirements and build stronger customer trust.
Compliance with data protection and privacy regulations, such as the Privacy Act, reassures customers that their information is handled responsibly and securely.
An agile security strategy fosters a culture of transparency and accountability within the organisation. By prioritising regular and updated security awareness training for employees and establishing clear communication channels between executives and their security teams, boards will be able to easily demonstrate their commitment to protecting customer data and maintaining their privacy while keeping themselves accountable.
3. Full security integration and business growth
By involving key stakeholders, such as boards, IT, legal, and business teams, in security decision-making processes, organisations can ensure that security considerations are integrated into all business strategies from the outset, with no stone left unturned.
Furthermore, an agile security strategy promotes a proactive approach to risk management whereby boards and executives become aware of potential security risks before they turn into problems. It enables businesses to make informed decisions and take calculated risks. This agility and adaptability in risk assessment enable businesses to seize growth opportunities while effectively managing and mitigating potential security challenges.
Implementing a cyber security strategy that prioritises flexibility and adaptability is the most sustainable approach to reaching cyber resilience. Executives are not only forced to get more involved with security discussions within their organisations, but they also need to be willing to let go of old structures if they want to avoid finding themselves in hot water. While breaches are inevitable, they won’t be the catastrophic event many fear if you have the right strategy and protections in place.
Noel Allnutt is the managing director at Sekuro.