CIO OPINION postures that would be considered outdated by today ’ s standards .
Does executive accountability change this equation ?
Recent research by ExtraHop shows exactly half of cybersecurity incidents in Australia are caused by having an outdated security posture . More than half ( 54 %) of respondents last updated their cybersecurity infrastructure in 2020 or before and one-fifth of organizations have technology that has gone at least three years without being updated . Additionally , 76 % state they are concerned about legacy systems being attacked .
The same study found more fundamental challenges at a smaller – though still significant – number of organizations . In particular , it found 6 % of organizations in Australia do not have a dedicated internal team or external team . This may seem a low figure , but if applied to all organizations it is a very large number that lack basic cybersecurity protection . In addition , 18 % of respondents weren ’ t clear on their role in a cyber incident or cyber emergency .
These are the kind of cybersecurity hygiene issues that would undoubtedly worry security practitioners within or associated with these organizations . Clearly there are still organizations that are not as well prepared as they could be , and where executives and boards still need to buy into cybersecurity as a discipline , posture and operational prerequisite .
To be fair to CEOs and boards , cybersecurity has been on their risk radars for some time now . The importance of cybersecurity is constantly drilled into company executives , particularly those who ultimately sanction and fund this critical work and capability .
PwC Australia says it ‘ has witnessed a material change since [ 2017 – 18 ] in cyber understanding and resilience at the board level .’ However , it also theorizes that cybersecurity ’ s longevity as a risk issue – the fact it remains a constant – weighs on executives ’ attention . “ There has been some fatigue around the issue ,” a PwC representative said . “ It ’ s been in the top three issues for CEOs and boards for a number of years .”
The flipside of that is that fatigue is also an issue for the frontline security practitioners that must meet cybersecurity threats day in and day out . It shouldn ’ t
Fatigue is also an issue for the frontline security practitioners that must meet cybersecurity threats day in and day out .
www . intelligentcio . com INTELLIGENTCIO APAC 45