Cyber security has just become more urgent on the boardroom agenda

The fourth industrial revolution is seeing a fundamental transformation of the way businesses operate. One of the technologies driving that evolution is the Internet of Things (IoT).

As more businesses invest in these technologies to remain competitive, cyber threats are becoming a crucial risk management issue. Such threats can shut down or disrupt operations or put commercially sensitive information at risk.

If the risks of cyber security aren’t immediately clear to businesses, they will be to customers. Customers increasingly expect the businesses they deal with to handle their data responsibly and keep their security and systems up to date.

Public expectations are being turned into law. Businesses are already required to adhere to privacy protections which deal with serious data breaches. Now, the Australian Government has passed a data breach notification law which requires businesses (and their related entities) with annual turnover above $3 million to notify affected individuals and the Australian Privacy Commissioner if an eligible data breach has occurred.

Despite this, businesses appear to be putting a relatively low priority on cyber security technology.

In our soon-to-be-released Business Beyond Broadband report, Ai Group surveyed CEOs about their businesses’ use of and investment in digital technologies, as well as barriers to this investment.

We asked businesses whether they used cyber security technology. While we did not define the term, and we can assume most businesses use some basic form of cyber security protection (such as off-the-shelf antivirus software or readily integrated software available with their standard operating systems), 78% of businesses reported that they did not specifically use cyber security technology and just 13% saw cyber security as a barrier to new digital investments.

This is in stark contrast to trends overseas and is concerning given the demonstrated ability of cyber breaches to damage reputations, disrupt business operations and bring down critical infrastructure.

The amended Privacy Act may hold businesses’ feet to the fire to elevate cyber security on the boardroom agenda, leading to improved corporate governance. However, it could also be counter-productive and create additional red tape for businesses as another compliance requirement, focused on notifying about breaches rather than improving systems at the boardroom level.

This is why we support the Government’s revised National Cyber Security Strategy, launched last year, which encourages cooperation between government and industry through various initiatives that supports businesses.

For our part, Ai Group has been running cyber security awareness sessions at the boardroom level. Following our well-received cyber security awareness session last year for SME manufacturers, we have decided to run another session for all businesses.

This time, we will have Cisco’s cyber security expert Anthony Stitt present to business leaders on the latest cyber security issues affecting businesses. He’ll be focussed on helping them know the right questions to ask their IT people on what they are doing to protect the interest of both the business and its customers. This session is about business risks and remedies, not a technical talk.

If you would like to attend our latest cyber security CEO breakfast briefing, you can register to attend in either Sydney on 22 March or Melbourne on 12 April.

The following two tabs change content below.
Charles is Digital Capability and Policy Lead at Ai Group, concentrating principally on policy relating to technology and digital issues. He has worked in a broad range of industries, including energy, broadcasting and telecommunications. Previously, he advised on energy policy for the Australian Energy Market Commission, and was Assistant Director of Engineering for Free TV Australia.


  1. Lynton Howes

    Hi Charles, great article! I’d like to note the importance of staff awareness on this topic. Business email compromise (BEC) fraud attempts (e.g. false invoices or emails purporting to be from the CEO/CFO) are becoming everyday occurrences for companies of all sizes, and if staff are trained in detecting such scams, the risk is greatly reduced.

    Lynton Howes
    Simplify LMS

    1. Charles Hoang (Post author)

      Thanks for the comment and I agree, Lynton. While the issue should be elevated to the C-Level as a risk management consideration (not just left to IT), the human factor (all staff) also plays an important role. I like to regard it as akin to WHS awareness.


Leave a Comment

Your email address will not be published.