Cybersecurity - It's not an IT issue

Interesting article on cybersecurity today. https://www.abc.net.au/news/2021-07-29/cyber-criminals-covid-new-opportunities-hacking-business-warning/100331294. It reinforces something I am seeing time and time again as a consultant. Australian companies have left the door wide open to cyberattacks. Particularly due to the changes enforced by the pandemic.

However, unfortunately, this is all too often seen as an "IT" or "technical issue" when in fact it is usually a failure of corporate governance, risk management and a result of chronic underinvestment. Too many organisations fail to invest adequately in their IT infrastructure, do not have the resources in place to identify and manage the risks and do not adequately resource manage and lead their IT departments to implement the simple and effective processes and hygiene measures required.

Many boards and executive teams lack even a basic understanding of technology. As accountable officers, this is not acceptable.

Most cyberattacks are preventable.

Cybersecurity is a corporate governance issue, not a technical problem. Corporate stakeholders (customers, investors, financiers) have a right to know if the companies they are dealing with are taking it seriously and have effective counter measures in place.

Governments and regulators must be alert to this and should put effective frameworks, legislative instruments, and mandatory reporting requirements in place to ensure best practice is being followed.

A failure to take this issue can be terminal for the affected companies, executive careers and disastrous for the rest of us.

Link to the advisory here - https://www.cyber.gov.au/acsc/view-all-content/media-releases/us-uk-and-australia-issue-joint-cybersecurity-advisory