Proofpoint’s Second Annual Board Perspective Report Reveals 71% of Australian Board Members View Generative AI as a Security Risk
Australian board members unprepared for a cyber attack despite prioritising cybersecurity in 2023
SYDNEY, Australia, 6 September 2023 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released its second annual Cybersecurity: The 2023 Board Perspective report, which explores board of directors’ views on the global threat landscape, cybersecurity priorities, and relationships with Chief Information Security Officers (CISOs). The findings reveal that nearly three-quarters (74%) of Australian board members surveyed feel at risk of a material cyber attack, a notable increase from 52% in 2022. Likewise, 59% feel unprepared to cope with a targeted attack, higher than the global average of 53%.
This year-over-year change may reflect the ongoing volatility of the threat landscape, including lingering geopolitical tensions and rises in disruptive ransomware and supply chain attacks. The emerging risk of artificial intelligence (AI) tools such as ChatGPT may also be contributing to these sentiments: 71% of Australian board members believe generative AI is a security risk for their organisation.
Board members in Australia have those concerns even though 84% view cybersecurity as a priority, 76% believe their board clearly understands the cyber risks they face, and 81% believe they have adequately invested in cybersecurity.
“Our inaugural report last year revealed that Australia lagged behind its global counterparts when prioritising cybersecurity. Now, more than 8 in 10 Australian board directors agree that cybersecurity is a priority for their board, higher than the global average of 73%,” said Yvette Lejins, Resident CISO APJ at Proofpoint. “But boards still feel unprepared. While it is encouraging to see that cybersecurity has finally captured the attention of Australian boards, there is much work to be done to implement effective cybersecurity strategies.”
The Cybersecurity: The 2023 Board Perspective report examines global, third-party survey responses from 659 board members at organisations with 5,000 or more employees across different industries. In June 2023, more than 50 board directors were surveyed in each of the following 12 countries: the U.S., Canada, the UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico.
The report explores three key areas: the cyber threats and risks boardrooms face, their level of preparedness to defend against those threats, and their alignment with CISOs based on the sentiments Proofpoint uncovered in our 2023 Voice of the CISO report. We found a similar year-over-year increase in the number of CISOs who feel at risk and unprepared, and a closer alignment than before between board directors and security leaders.
“Boards are demonstrating their commitment to their fiduciary duty to ensure their organisations are cyber resilient. They feel good about the time and resources they are investing into their understanding and managing of cyber risk,” said the Hon. Clare O'Neil MP, Minister for Home Affairs, Minister for Cyber Security, Member for Hotham. “However, their struggle to translate this awareness into stronger security posture indicates directors still have much work to do. The strengthened relationships with CISOs can serve as a catalyst for improving their organisation’s resilience, now that the two sides are speaking the same language. With even greater challenges ahead, maintaining a laser-sharp focus on cybersecurity remains critical.”
Key Australian findings from Proofpoint’s Cybersecurity: The 2023 Board Perspective report include:
- Generative AI has most of the boardroom’s attention: with tools such as ChatGPT getting much of the spotlight in recent months, 71% of surveyed Australian board directors view this emerging technology as a security risk to their organisation.
- Year-over-year comparison shows Australian board members are much more concerned about cyber risk: 74% of those surveyed feel their organisation is at risk of a material cyber attack, compared to 52% in 2022.
- Awareness and funding do not translate into preparedness: 84% of Australian board directors agree that cybersecurity is a priority for their board, compared to just 73% of directors globally. In Australia, 76% believe their board clearly understands the cyber risks they face, 81% think they have adequately invested in cybersecurity, and 88% believe their cybersecurity budget will increase over the next 12 months; however, these efforts are not leading to better preparedness—59% still view their organisation as unprepared to cope with a cyber attack in the next 12 months, higher than the global average of 53%.
- Board members and CISOs have similar concerns about their biggest threats: Australian board members ranked email fraud/BEC (53%), ransomware (40%) and cloud account compromise (31%) as their top concerns. This is only slightly different from CISOs’ top concerns of cloud account compromise (36%), ransomware (35%), and DDoS attack (34%). This is different to global board members, who ranked malware as their top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
- Directors are not aligned with CISOs in the areas of people risk and data protection: more Australian board directors (66%) than CISOs (51%) agree that human error is their biggest risk, and board members are also much more confident in their organisation’s ability to protect data—84% of directors share this view, compared to only 49% of CISOs.
- Additional cyber resources, better threat intelligence, and cyber expertise on the board top boardrooms’ wish lists: 45% of Australian board directors said their organisation’s cybersecurity would benefit from more cyber resources, 38% would like to see better threat intelligence, and 38% would like cybersecurity expertise on the board.
- Board-CISO interactions and relationships are gradually improving: 57% of Australian board directors say they interact with security leaders regularly. While an increase from last year’s 43%, it still leaves nearly half of all boardrooms without strong CISO-C-suite relationships. Board members and CISOs are generally aligned when they do interact, however, with 72% of board members saying they see eye-to-eye with their CISO and 57% of CISOs agreeing.
- Personal liability is much more of a concern for boards than CISOs: 84% of Australian board directors expressed concern about personal liability in the wake of a cybersecurity incident at their own organisation, higher than the global average of 72%. Meanwhile, only 54% of Australian CISOs agree with these concerns.
To download Cybersecurity: The 2023 Board Perspective report, please visit: https://www.proofpoint.com/au/resources/white-papers/board-perspective-report
For more insights, research, trends, resources, events, and other CISO-level content, visit Proofpoint’s CISO Hub at www.proofpoint.com/au/ciso-hub.
About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.
Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.