A study by the UNSW Institute for Cyber found that there is a significant skills gap around cybersecurity awareness and resilience among ASX 100 business leaders.
According to the study, led by Nigel Phair, director (Enterprise) for the Institute of UNSW Canberra, less than one percent of ASX 100 drivers have cyber experience and only 16 percent have technology experience.
In collaboration with research associate Dr. Hooman Alavizadeh analyzed Mr. Phair’s 798 board positions (including managing directors and non-executive directors) across all ASX 100 companies. This analysis is based on information on company websites and LinkedIn profiles of individual directors.
Mr Phair said cybersecurity awareness is an increasingly important responsibility for business leaders, with cybercrime costing the Australian economy more than $42 billion a year.
He said business leaders need to assess cybersecurity, just like any risk, and make competent decisions to understand the nature of the risk and how their level of (under)investment in cybersecurity controls will affect customers and stakeholders.
“There are many expectations and requirements to be a modern business leader,” Mr Phair said.
“The cyber resilience of the organization they run is only part of the role. To achieve this, business leaders must ask management the tough questions – and be competent enough to know the answers to expect – around their organization’s understanding of cyber risk, the investment in creating and monitoring controls and practiced scenarios, to be better equipped when cybersecurity controls affect customers and stakeholders.”
Mr. Phair explained that the best way to address the cybersecurity deficiencies of ASX 100 companies is through a board skills matrix.
The ASX recommends organizations publish on their websites or annual reports “a board skills matrix outlining the mix of skills the board currently has or aims to achieve in its membership.”
In 2020, 38% of all boards said they were introducing specialist technology and/or innovation roles into their governance skills matrix, but Mr Phair said this has not yet been done.
“Technology adoption by organizations will continue to grow at a rapid pace,” said Phair.
Related to this, the dynamic role that cybersecurity must play is to protect the organization, the data it creates and the people who access it. Since the ‘tone starts at the top’, having well-trained business leaders is a fundamental requirement.”