Daily Bulletin

Business News

  • Written by Scott McKinnel, ANZ Country Manager, Tenable

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some of the damaging effects include financial loss or theft (39%), loss of customer data (39%) and employee data (36%). The potential for cyber threats to cost organisations in Australia millions of dollars overwrites an outdated belief that cybersecurity is merely an IT issue. With so much at stake, business leaders are in the front lines and require insight into cyber risk in the same manner as other risks.

Incoming regulation aimed at business leaders of critical infrastructure and systems of national importance, as part of the federal government’s Cyber Security Strategy 2020, further iterates the importance of leadership involvement in cyber issues. Therefore, it’s unsurprising that the same Forrester study shows that Australian business leaders are demanding greater visibility, as 94% of Australian security leaders have been asked to report on their level of exposure to a specific threat or publicised vulnerability. What’s worrying, however, is that 67% of business leaders report that their security counterparts are, at best, only “somewhat effective” in communicating threats that pose the greatest risk to the organisation. This disconnect shows that cybersecurity is broken and the key missing piece of information is - business context.

Business context is everything

When an organisation is at risk of a cyber threat, the first thing business leaders want to know is if they will still be able to deliver on their core business objective. Instead, more often than not, they get data about how many systems are affected and how quickly it can be remediated - demonstrating a clear disconnect in the way both groups understand and communicate risk.

This is by no means any fault of security leaders. Their technical training puts them in a position to report on the many vulnerabilities, patches deployed and recite information of the latest threats. What they struggle with is delivering the information in a non-technical manner that relates to the business because they are hamstrung by a lack of data, technology and processes.

The same research highlighted three key areas of improvement in order for security teams to effectively communicate risk.

Firstly, security leaders need to have holistic visibility of business-critical assets. Only six in ten Australian security leaders reported that they have ‘high or complete’ visibility into their organisations’ IoT and operational technology (OT), according to the Forrester study. In addition, less than half are highly or fully aware of the risk posed to employees working remotely and only 30% have high or complete visibility over third-party vendors. All of this combined means that few security leaders have a holistic understanding of their organisations’ attack surface and, as a result, are unable to communicate the risk to the business effectively.

Secondly, security and business performance aren’t aligned, with just four in ten security leaders saying they work with business stakeholders to align cost, performance and risk reduction objectives with business needs. While having the right tools in place to measure risk is key, so too is reducing the gap between security and the rest of the business. Business and security leaders need to work together to integrate with one another and develop security metrics that speak to business risk.

The final area of improvement is the use of technology to better predict business risk context for incoming threats. The Forrester study showed that 40% of Australian security leaders aren’t confident that they have the technology, processes or data to predict cybersecurity threats. This could be, in part, due to a lack of automation technologies - three out of ten security leaders say their organisations still manually review spreadsheets to track cybersecurity performance. Business leaders need to ensure that they’re making long-term investments in the technology used to monitor, manage and report on cybersecurity.

The road ahead

While business leaders are starting to recognise the importance of cybersecurity, it’s clear that a gap still exists and there’s more work to be done. Security leaders must turn qualitative recognition of cyber risks into quantitative business-aligned metrics, and business leaders must equip them with the tools and processes to do so.

With new regulations like Australia’s mandatory data breach notification laws already in place and more likely to come in with the 2020 Cyber Security Strategy, failure for security and business leaders to align will surely result in further business-impacting attacks with the regulatory penalties a clear reality.

Explore the South Coast in Australia With These Outdoor Activities


What Makes Shiatsu Massage Unique?


What Can We Learn from Modern Art Exhibitions?


Top 3 Things to Consider When Finding the Best Amazon Marketing Agency

It is true that selling on Amazon is not a walk in the park - with intense competition and a big reputation, many sellers on the platform are finding themselves overworked simply trying to keep up...

Daily Bulletin - avatar Daily Bulletin

Marketing tips to help brands to be more present

Are you looking for marketing tips? Well, in this post we will share important marketing tips that can help the brand to be more present. A / B Test your shopping journey AB testing is  a scient...

Daily Bulletin - avatar Daily Bulletin

4 Things To Look For In A Customs Broker

Running a business entails the teamwork of many professionals. Some work within the four walls of the main business premises while others work outside. One of those who work in the field is a cust...

NewsServices.com - avatar NewsServices.com

Why Do People Need a Salesforce Consultant

If you’re an experienced user of Salesorce, you might take advantage of the many Salesforce Certification Resources available to you and become a salesforce consultant. It could mean a whole new car...

Daily Bulletin - avatar Daily Bulletin

Enquiries for franchises through the roof: Jim Penman offers advice to people

COVID has created a ‘homedemic’ of people who want to continue to work from home or work their own hours without having to go back into the office and deal with a bad boss all day. According to J...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

Older Australians thriving with newfound academic skills

Spearheaded by Council on the Ageing (COTA) Victoria for the Australian Federal Government, a recent report by Workforce Innovation and Development Institute (WIDI), outlined the key results from...

Diane Falzon - avatar Diane Falzon

The Conversation