Intelligent CIO APAC Issue 06 | Page 76


Simon Howe, Vice President Asia Pacific Sales, LogRhythm

networks, to steal money and data, wreak havoc and hold organizations to ransom.
Little wonder then that security professionals are feeling the heat. Three quarters of respondents to LogRhythm’s The State of the Security Team global survey carried out earlier this year reported feeling more stressed today than they did two years earlier.
The research also found senior leaders can have a significant impact on the wellbeing and morale of their information security teams.
Here are four ways to take the pressure down.
Get the board on board
Cybersecurity has historically been a backroom function. That’s made accessing sufficient funding and resources to do their job properly a challenge for many security teams. Raising awareness at board level of cybersecurity’s critical importance to the organization can make it easier for security personnel to secure the budget and buy-in they need to succeed.
Indeed, here are four increased duties for Australian boards relating to cybersecurity:
1. Directors’ cybersecurity duties under the Corporations Act
Company directors have an obligation under section 180 of the Corporations Act to exercise their powers and discharge their duties with ‘care and diligence’. If there was any doubt that this obligation extends into the field of cybersecurity, ASIC has made its position clear.
ASIC Report 4291 states that:
• It considers board participation important to promoting a strong culture of cyber-resilience; and
• A failure to meet obligations to identify and manage cyber-risks may, if you are a director or officer of a company, result in you being disqualified from your role.
2. Directors’ cybersecurity duties and the Privacy Act
This applies to any entity with a turnover of AU$3 million or more. The Australian Privacy Principle (APP) requires the entity to take such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss and from unauthorized access, modification or disclosure.
3. Directors’ cybersecurity duties and Mandatory Data Breach Notification
In February 2017, the Privacy Act was modified to incorporate a new mandatory data breach notification regime. It applies to entities that are currently obligated under the Privacy Act.
Notifiable Data Breach legislation requires certain data breaches to be notified to the Office of the Australian Information Commissioner and to affected individuals.