Closer Collaboration Between Australian C-Suite and Chief Information Security Officers (CISOs) Needed to Bridge Gap in Cyber Readiness, Finds Accenture Report

New Accenture survey finds only one-third of Australian CISOs and business leaders collaborate on a cybersecurity plan and budget

With the proliferation of more and more sensitive data, expanding connectivity, and the adoption of automated processes, new Australian research from Accenture reveals that C-suite and IT decision makers need to embrace a different approach to cybersecurity to effectively protect against future cyber risks.

While most companies have a chief information security officer (CISO) or assigned cybersecurity to a C-suite executive, such as a chief information officer (CIO), often, these leaders have limited influence on cybersecurity strategy outside their departments. Additionally, nearly half of CISOs acknowledge that their responsibilities for securing the organisation are growing faster than their ability to address security issues.

In the study “Securing the Future Enterprise Today – 2018“, 73 percent of the Australian c-level executives polled, agreed that cybersecurity staff and activities need to be dispersed and executed throughout all parts of the organisation, but cybersecurity remains centralised in 82 percent of companies.

Moreover, there is little indication that C-suite executives expect to shift more responsibility for cybersecurity to business units. For example, 21 percent of respondents say business unit leaders are accountable for cybersecurity today and 33 percent believe business unit leaders should be responsible in the future.

“There is no doubt that organisations are taking cybersecurity more seriously, however, there is still much work to be done. Cybersecurity strategy needs to be led by the board, executed by the c-suite and owned at the front lines of the organisation. Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees,” said Joseph Failla, Accenture’s Security Lead for Australia and New Zealand.

“To be able to grow confidently, companies can establish sustained cyber resilience through a continual, proactive focus on cyber risk management at all levels.”

Better Alignment Needed on Strategy and Protection Practices

The study exposed a disparity between what Australian c-suite executives say are the emerging areas of concern and the cybersecurity strategies employed for protection. For example, companies are still doing little to spread security knowledge among employees and very few CISOs have the authority to influence business units across their organisations.

• 60 percent of respondents said all employees receive cybersecurity training upon joining the organisation and have regular awareness training throughout employment.
• Surprisingly, only 40 percent of CISOs said establishing or expanding an insider threat program is a high priority.
• Just 40 percent of CISOs said they always confer with business-unit leaders to understand the business before proposing the latest cybersecurity technologies.

Top Cyber Risks: New Technologies and Data Sharing

Australian c-suite executives view several types of new technologies and tools as raising cyber risk for their companies and they’re highly concerned about the potential dangers of sharing data with third parties.

• Artificial intelligence technology topped the list with 86 percent of respondents saying that it will increase cyber risk moderately or significantly.
• 74 percent of respondents said mobile computing will raise cyber risk moderately or significantly.
• 86 percent of respondents say the amount of sensitive or confidential data exchanged will increase over the next three years, yet only 41 percent said that the data exchanged is adequately protected by their cybersecurity strategy.

Infusing Cyber Resilience Across the Organisation

The Accenture study recommends five actions for securing the enterprise in the future:

1. Make your business leaders Resilience Leaders. Security must be in the room when strategy is being decided and options are being weighed to advise on risk mitigations.
2. Support the security leader as a trusted business enabler. New roles and skills are needed inside the organisation to implement pervasive cyber resilience
3. Make your workforce part of the solution. Companies must make clear that employees are accountable for security.
4. Be an advocate for protecting customers. Go beyond compliance and become advocates for customers when it comes to protecting data.
5. Think beyond your enterprise to your ecosystem. Work with these ecosystem partners to jointly protect their organisations.

To read more about the growing gap between risk and protection download the report “Securing the Future Enterprise Today – 2018″ at https://www.accenture.com/au-en/insights/security/securing-future-enterprise-today.

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 449,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.