Australian boards are among the most nervous in the world of a suffering a cyber security breach, with generative AI seen as a significant security risk they are being forced to navigate, new research out this week reveals.
More than eight in 10 Australian board directors agree that cyber security is a priority for their board, higher than the global average of 73 per cent.
The results, revealed in the second annual Board Perspective Report, reveal that 59 per cent of Australian boards feel unprepared to cope with a targeted attack, higher than the global average of 53 per cent.
The findings have been uncovered by cyber security and compliance company Proofpoint, which set out to explore board of directors’ views on the global threat landscape, cyber security priorities and relationships with chief information security officers.
The report explores three key areas: the cyber threats and risks boardrooms face, their level of preparedness to defend against those threats, and their alignment with CISOs based on the sentiments Proofpoint uncovered in the 2023 Voice of the CISO report.
Generative AI has most of the boardroom’s attention, with tools such as ChatGPT getting much of the spotlight in recent months.
Seventy one per cent of surveyed Australian board directors view this emerging technology as a security risk to their organisation.
While the report found that 76 per cent feel that their board clearly understands the cyber risks they face, 81 per cent think they have adequately invested in cyber security, and 88 per cent believe their cyber security budget will increase over the next 12 months.
Worryingly, awareness of cyber security issues and appropriate funding isn’t translating into preparedness, with just 84 per cent of Australian board directors agreeing that cyber security is a priority for their board, compared to just 73 per cent of directors globally.
Email fraud, ransomware, cloud account compromises and malware are among the top concerns for board directors, who acknowledge to researchers that additional cyber resources and better threat intelligence is paramount.
Of particular concern is the issue of personal liability, with board directors admitting they are concerned that they will be personally held liable for a breach.
Proofpoint researchers believe that the growing unrest about cyber security reflects the ongoing volatility of the threat landscape, including lingering geopolitical tensions and rises in disruptive ransomware and supply chain attacks.
The emerging risk of artificial intelligence (AI) tools such as ChatGPT may also be contributing to these sentiments, with 71 per cent of respondents admitting that generative AI is a security risk for their organisation.
Board members in Australia have those concerns even though 84 per cent view cyber security as a priority, 76 per cent believe their board clearly understands the cyber risks they face, and 81 per cent believe they have adequately invested in cyber security.
Proofpoint’s Yvette Lejins says the report highlighted that Australia lagged behind its global counterparts when it came to prioritising cyber security.
Lejins said boards still feel unprepared, and while it is encouraging to see that cyber security has finally captured the attention of Australian boards, there is much work to be done to implement effective cyber security strategies.
The Hon Clare O'Neil MP, Minister for Home Affairs and Minister for Cyber Security, said boards struggled to translate awareness of cyber risks into stronger security measures.
“The strengthened relationships with CISOs can serve as a catalyst for improving their organisation’s resilience, now that the two sides are speaking the same language,” she said.
“With even greater challenges ahead, maintaining a laser-sharp focus on cyber security remains critical."
The report authors surveyed 659 board members from 12 countries.