ASX 100 corporate directors ill-equipped for cyberattacks: UNSW Canberra

A study by the UNSW Institute for Cyber ​​demonstrated a significant cybersecurity awareness and resilience skills gap among ASX 100 business leaders.

According to the study, led by Nigel Phair, director (enterprise) of the UNSW Canberra Institute, less than 1% of ASX 100 directors have cybersecurity experience and only 16% have technology experience.

In collaboration with Dr. Hooman Alavizadeh, Research Associate, Mr. Phair analyzed 798 management positions (including CEOs and Non-Executive Directors) across all ASX 100 companies. This analysis was based on information provided on the company websites, as well as on the LinkedIn profiles of individual directors.

Mr Phair said raising cybersecurity awareness was an increasingly important responsibility for business leaders, with cybercrime costing the Australian economy more than $42 billion a year.

He said business leaders need to assess cybersecurity, as they would any risk, making competent decisions to understand the nature of the risk and how their level of (under)investment in cybersecurity controls will affect businesses. customers and stakeholders.

“There are many expectations and requirements to be a modern business manager,” Mr. Phair said.

“The cyber resilience of the organization they govern is only part of their role. To achieve this, business leaders must ask management the tough questions—and be knowledgeable enough to know what answers to expect—about their organization’s understanding of cyber risk, investment in creating and monitoring controls. and repeat scenarios, to be better equipped if cybersecurity controls impact customers and stakeholders. »

Mr. Phair explained that the best way to address the cybersecurity gaps of ASX 100 companies is to use a council skills matrix.

The ASX recommends that organizations disclose on their websites or annual reports “a board skills matrix setting out the mix of skills the board currently possesses or seeks to develop among its members.”

In 2020, 38% of all boards said they were introducing specialist technology and/or innovation roles into their skills matrix, but Phair said that hadn’t been done yet. implemented.

“Adoption of technology by organizations will continue to grow at a rapid rate,” Phair said.

“Along with this is the dynamic role that cybersecurity must play in protecting the organization, the data it creates and the people who access it. Since “the tone starts at the top”, having qualified business leaders is a fundamental requirement. »

Leave a Comment