Australian boards and directors are to be targeted by a new education program on cyber risk and security that is being built by CSIRO’s Data 61 and the Australian Institute of Company Directors (AICD).
The two organisations signed a memorandum of understanding to create the cyber security education and training program.
The program will aim to “lift the digital and cyber literacy” of directors and boards, giving them a “better understanding” of how it might impact risk and investment decisions around “opportunities for innovation”.
“[This will] enable directors and their organisations to grow and innovate with confidence - based upon the information principles of confidentiality, integrity and availability of data,” the two organisations said.
“The program will focus on corporate governance and its application to the way people interact with technology and each other in a quantifiable and repeatable manner.”
Australia is in the midst of a major political refocus on innovation. The Government is heavily pushing for business investment in innovation, “ideas” and technical skills, backed by a $1.1 billion national innovation and science agenda (NISA).
The Data61-AICD program appears to be aimed at facilitating these growth opportunities but doing so safely within existing compliance and governance rules.
“Whilst this heightened era of digital productivity and accessibility has created infinite opportunity, it has concurrently created new threats and vulnerabilities in the creation, storage and utilisation of information,” Data61 CEO Adrian Turner said.
"These threats are significantly more than just cyber security related; they also extend to the accuracy, integrity and availability of information that is critical to both real-time human, and automated decisions that affect our nation and people.
"Directors globally have expressed concern at the rapid pace of digital change, increased cyber threats, technical jargon and associated risks as limiting their ability to appropriately fulfil their duties.
“It is the board's responsibility to drive innovation and strategy which will flourish with positive leadership, a coherent strategy and proactive information governance.”
Data61 and the AICD said they hoped to aid the “creation of highly-skilled company directors equipped to influence economic growth and community prosperity, while protecting enterprise assets from intentional theft or accidental loss.”
Among the areas that the program will cover are valuing information “in terms of business opportunity and risk”, determining effective safeguards for that information, and initiating a “continuous improvement” regime for those safeguards and data management.
AICD managing director and CEO John Brogden believed the education program would complement “initiatives in the Australian Government's Cyber Security Strategy for a strong and resilient private sector enabled by skilled cyber-literate members at every level of an organisation”.
The Government handed down its new cyber security strategy last week, which it backed with $230 million over four years.
"Cyber security is one of most significant and growing issues facing boards today, so it is critical that directors remain up-to-date with this rapidly developing area,” Brogden said.
After a range of high-profile incidents affecting large companies worldwide, cyber security is firmly on the agenda of boards, but KPMG said directors had many questions.
“In our experience, board members are wondering: am I asking the right questions? How do I get comfortable? Are we doing enough? How do I know we are doing the right things? Are we making the right decisions?” the consultancy said in a recent report.
A study by the Ponemon Institute – sponsored by Raytheon – found that 22 percent of organisations already have their security lead brief the board of directors on “cybersecurity strategy”.
The study forecast that this figure would rise to 66 percent by 2018, highlighting the rapid rise of cyber security capability in the upper echelons of corporates.