Cybersecurity

Boards of Directors lead in Cyber Security

Boards of directors in Australia and New Zealand lead in a global survey of executives on cyber security, with a strong majority prepared to make that issue a priority.

The survey, taken by the international IT services firm Infosys, queried 867 leaders representing firms from 12 industries with annual revenues of at least $500 million to more than $1 billion across the United States, Europe and Australia-New Zealand.

The survey’s objective: To explain the current global cyber security landscape and show how organisations have geared up to take on this challenge.  The key finding:

Boards of directors in Australia and New Zealand have the highest level of engagement of all boards globally in cyber security. The research highlights not only how cyber security is now a board-level issue at most ANZ organisations, but it also shows that ANZ boards are taking a more hands-on approach to cybersecurity.

ANZ boards led in all categories: Awareness of threats from hackers and hacktivists (88 per cent); ensuring that all employees are aware of the need for cyber security precautions (75 per cent); concern about corporate espionage (77 per cent);  awareness of threats from nation states (60 per cent); and prioritisation of the deployment of cyber security solutions at every level of the enterprise.

In another first for the ANZ region, 39 percent of Chief Information Security Officers report directly to the board. This is substantially more than in any other market surveyed.

Why are these statistics being higher in Australia and New Zealand than in the rest of the world, according to the study? Perhaps the reason is because of the large number of  data breaches that have occurred in both countries. The latest quarterly figures from the Office of the Australian Information Commissioner show data breaches are rising again in Australia, with 245 reported breaches in April to June 2019.

Australian banks have, in particular, experienced repeated, damaging data breaches. This has brought the importance of cyber security to the fore at companies in the both countries.

So it is not surprising that, in Australia and New Zealand, the number of employees who treat cyber security as a regular concern is also quite high. A separate survey by the Australian branch of the computer association CompTia showed that 37 per cent of Australian companies have made training available for cyber security, while 28 per cent actually offer certification programmes.

Cyber Security starts at the top

What emerges from the survey is agreement among corporate leadership around the world that the responsibility for cyber security policy and practice is theirs.

“Cybersecurity starts at the top. Cybersecurity is an enterprise-wide responsibility with engagement required from the topmost levels. The survey shows that 48 per cent of boards of directors and 63 per cent of business leaders are involved actively in cyber security discussions. Their involvement is essential to ensure that the cyber security program is aligned with business objectives and to convey a powerful message across the organisation,” the survey shows.

Moreover, most of those surveyed feel that the board should actually define and strategize cyber security, working closely with management, but by no means leaving the task to management. The executive layer of IT leaders (CIO/CTO) should collaborate with the board directly, about of those surveyed agreed.

Given that boards in ANZ are already conscious of the importance of managing cyber security, it is not surprising that many have adopted board management software with high-grade security to protect all board level communications. Board management software also provides a board portal to safely store all sensitive information, using encryption.

Diligent makes sure you are ready for all threats

Carefully protected internal communication services centred on security and privacy are the safest way to conduct internal communication.

Diligent, as the long-standing market leader for high-level corporate communications, is uniquely positioned to offer its clients the highest level of assurance around security measures. Diligent’s unique position in the marketplace allows for investment in best-in-class security practices at a level that is greater than most players’ annual revenue.

With ongoing investment and dedication to security technology, resources and infrastructure that no other provider can match, Diligent clients gain a strategic partner that truly puts security first.

All members of Diligent’s Security Team are active participants in the information security community in order to maintain up-to-date knowledge and expertise. This means that they are aware of nearly anything that hackers have available, ready to thwart all the most sophisticated techniques of attack.

Diligent Boards™ data is housed in a world-class hosting infrastructure. Co-location data-hosting facilities are operated at Tier 3 equivalent or higher standards. Diligent owns and operates its own equipment. Data stored by customers in the Diligent Boards solution is not hosted by any third-party cloud providers. Instead, it is stored on Diligent’s own secure servers and protected by strong physical security. Access to these data centres is limited to authorised personnel only and verified by two-factor authentication.

Data is encrypted at rest, in transit and on the users’ devices. The Diligent Boards service supports the current recommended secure cipher suites to encrypt customer data in transit and at rest. Customer data is encrypted at rest on Diligent’s storage systems and on the customer’s mobile devices that run the Boards apps. Customer Data encryption keys are stored in a tamper-proof FIPS 140-2 L3 certified Hardware Security Module.

Diligent has a documented Security Incident Response Program in place to handle a security incident. Incident response procedures are tested and updated at least annually. All incidents are managed by Diligent’s Security Incident Response Team. Diligent classifies the event and determines the incident response process. In the event of a security breach, Diligent will promptly notify customers of any unauthorised access to customer data.

For more information contact info@diligent.com or request a demo.

Featured Blog