Cybersecurity a corporate governance concern
Cybersecurity awareness and online risk alerts for businesses have increased since the start of the COVID-19 pandemic, but a need to improve understanding and skills remains, according to Kapil Kukreja, Director – Risk, Assurance and Advisory at HLB Mann Judd Melbourne.
Kukreja said cyber-risks have been discussed at the most senior levels of business, both board and executive, in the last 12 months. This was highlighted in the latest HLB Cybersecurity Report released this month, which found almost half of global C-suite executives are concerned or very concerned about the risks cybersecurity issues pose to their businesses.
“In part, this heightened awareness has been driven by the increase in people working from home during the pandemic, creating a greater level of risk for organisations. This has triggered a shift in how companies view cyber-security and, perhaps more significantly, the likelihood of it affecting them.
“Whereas previously it was treated as a technology issue and responsibility, now it is recognised as a critical business risk and is being taken very seriously.
“While this is a step in the right direction, there remains a gap in the skillset of board members and directors in being able to appropriately assess the information they are receiving, and benchmark their organisation’s activities to industry standards,” Kukreja said.
Kukreja also said that senior boards and upper management have been asking the right questions about what businesses need in order to approach cybersecurity, such as extra resources or system upgrades. However, he highlighted the duty of management to ensure they are fully equipped to understand all the responses.
“From a corporate governance perspective, executives can’t simply rely on what they are being told by others in the organisation – they need to be able to properly analyse and assess the information and make decisions on whether the steps being taken to protect the business from cyber-risks are robust enough and meet requirements,” he said.
“As cyber-security continues to grow as an organisational threat, this gap in knowledge will become even more of an issue.”
Cyber-crime has been steadily rising in Australia in recent years, with the Australian Cyber Security Centre’s Annual Cyber Threat Report 2020-21 showing that it increased by 13% from 2020 to 2021. A cyber-crime is now reported every eight minutes in Australia.
Kukreja mentioned several steps businesses can take to help protect themselves from cyber-attacks.
“It is recommended that businesses conduct vulnerability assessment and penetration testing on a regular basis to identify cyber security exposures in their IT environment. It’s also critical to introduce, for instance, multi-factor authentication and adequate password protocols. In addition, with more people working from home, secure cloud-based technology, virtual private networks (VPNs) and encryption methods are essential.”
Kukreja also said that the most important aspect of any cybersecurity protection plan is training all staff on a regular basis, and that running frequent tests is absolutely vital.