Tesserent, a leading provider of comprehensive cybersecurity services in Australia and New Zealand and a Thales Australia company, reports a significant increase in demand for their services from Australian company directors and boards. This surge in interest represents a change in the traditional route of acquiring cybersecurity services, which typically came from Chief Information Security Officers (CISOs) and technical teams.
Kurt Hansen, Chief Executive Officer of Tesserent, attributes this shift to a myriad of factors. Recent high-profile attacks, increased scrutiny from government, media, and the community, stringent compliance regimes, and the looming threat of substantial fines have all contributed to elevating cybersecurity to the forefront of directors’ and boards' priority lists.
"Directors are now asking key questions about their role in cybersecurity and working to fortify their organisations," Hansen explains, "This marks a departure from a few years ago when technical teams and Chief Information Security Ofiicers were the primary instigators of cybersecurity inquiries."
These developments coincide with the words of ASIC Chair Joe Longo at a recent cybersecurity summit. He stressed that regulators expect directors to ensure their organisations' risk management frameworks sufficiently address cybersecurity, warning that failure to do so could lead to regulatory repercussions for the leaders.
In response to this growing need, Tesserent recommends an extensive 12-point plan for company directors to bolster their cybersecurity preparedness. The plan covers a broad range of themes, from establishing a solid cybersecurity governance framework, regularly assessing cyber risks, keeping abreast of data protection and cybersecurity regulations, to cultivating a company-wide cybersecurity-aware culture and making appropriate investments in cybersecurity.
The plan also advises organisations to develop robust incident response plans, manage third-party risks diligently, establish a set of cybersecurity performance metrics, assess the need for cyber insurance, consider adding cybersecurity expertise to the board, and conduct regular cybersecurity audits, all while striving for continuous improvement.
The need for strengthened cybersecurity strategies is starkly highlighted in the 2023 - 2030 Australian Cyber Security Strategy, released by the Federal Government. The document clearly outlines the scale of our cybersecurity maturity and resilience needed to meet the challenges of the next decade and beyond.
"We are all in this together to combat the escalation of cyber-attacks and strengthen our national defences against criminals and other groups intent on stealing data," Hansen said.
"Company directors must not only ensure organisations have defensive measures but resilient recovery plans in place that are regularly tested," he said.
Hansen emphasises that understanding and protecting an organisation's core assets is critical to avoiding regulatory pitfalls and ensuring robust business practices.
Currently, Tesserent works with more than 1200 clients from diverse sectors including government, critical infrastructure, banking, financial services, and insurance, proving their capability in providing industry-leading cybersecurity services.