Daily Bulletin

Business News

  • Written by Scott McKinnel, ANZ Country Manager, Tenable

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some of the damaging effects include financial loss or theft (39%), loss of customer data (39%) and employee data (36%). The potential for cyber threats to cost organisations in Australia millions of dollars overwrites an outdated belief that cybersecurity is merely an IT issue. With so much at stake, business leaders are in the front lines and require insight into cyber risk in the same manner as other risks.

Incoming regulation aimed at business leaders of critical infrastructure and systems of national importance, as part of the federal government’s Cyber Security Strategy 2020, further iterates the importance of leadership involvement in cyber issues. Therefore, it’s unsurprising that the same Forrester study shows that Australian business leaders are demanding greater visibility, as 94% of Australian security leaders have been asked to report on their level of exposure to a specific threat or publicised vulnerability. What’s worrying, however, is that 67% of business leaders report that their security counterparts are, at best, only “somewhat effective” in communicating threats that pose the greatest risk to the organisation. This disconnect shows that cybersecurity is broken and the key missing piece of information is - business context.

Business context is everything

When an organisation is at risk of a cyber threat, the first thing business leaders want to know is if they will still be able to deliver on their core business objective. Instead, more often than not, they get data about how many systems are affected and how quickly it can be remediated - demonstrating a clear disconnect in the way both groups understand and communicate risk.

This is by no means any fault of security leaders. Their technical training puts them in a position to report on the many vulnerabilities, patches deployed and recite information of the latest threats. What they struggle with is delivering the information in a non-technical manner that relates to the business because they are hamstrung by a lack of data, technology and processes.

The same research highlighted three key areas of improvement in order for security teams to effectively communicate risk.

Firstly, security leaders need to have holistic visibility of business-critical assets. Only six in ten Australian security leaders reported that they have ‘high or complete’ visibility into their organisations’ IoT and operational technology (OT), according to the Forrester study. In addition, less than half are highly or fully aware of the risk posed to employees working remotely and only 30% have high or complete visibility over third-party vendors. All of this combined means that few security leaders have a holistic understanding of their organisations’ attack surface and, as a result, are unable to communicate the risk to the business effectively.

Secondly, security and business performance aren’t aligned, with just four in ten security leaders saying they work with business stakeholders to align cost, performance and risk reduction objectives with business needs. While having the right tools in place to measure risk is key, so too is reducing the gap between security and the rest of the business. Business and security leaders need to work together to integrate with one another and develop security metrics that speak to business risk.

The final area of improvement is the use of technology to better predict business risk context for incoming threats. The Forrester study showed that 40% of Australian security leaders aren’t confident that they have the technology, processes or data to predict cybersecurity threats. This could be, in part, due to a lack of automation technologies - three out of ten security leaders say their organisations still manually review spreadsheets to track cybersecurity performance. Business leaders need to ensure that they’re making long-term investments in the technology used to monitor, manage and report on cybersecurity.

The road ahead

While business leaders are starting to recognise the importance of cybersecurity, it’s clear that a gap still exists and there’s more work to be done. Security leaders must turn qualitative recognition of cyber risks into quantitative business-aligned metrics, and business leaders must equip them with the tools and processes to do so.

With new regulations like Australia’s mandatory data breach notification laws already in place and more likely to come in with the 2020 Cyber Security Strategy, failure for security and business leaders to align will surely result in further business-impacting attacks with the regulatory penalties a clear reality.

Writers Wanted

It's not just about the rise in anti-Semitism: why we need real stories for better Holocaust education in Australia


With the US now calling China's treatment of the Uyghurs 'genocide', how should NZ respond?


Creating Everlasting Memories with Wedding Photography


Tips to find the best plastic manufacturing supplier for your needs

Plastics are very much an important part of all of our lives, but they’re particularly valuable to a wide variety of industries that rely on their production for their operations. The industries, ...

News Co - avatar News Co

7 foolproof tips for bidding successfully at a property auction

Auctions can be beneficial for prospective buyers, as they are transparent and fair. If you reach the limit you are willing to pay, you can simply walk away. Another benefit of an auction is tha...

Dominique Grubisa - avatar Dominique Grubisa

Getting Ready to Code? These Popular and Easy Programming Languages Can Get You Started

According to HOLP (History Encyclopedia of Programing Languages), there are more than 8,000 programming languages, some dating as far back as the 18th century. Although there might be as many pr...

News Co - avatar News Co

Avoid These Mistakes When Changing up Your Executive Career

Switching up industries is a valid move at any stage in your career, even if you’re an executive. Doing so at this stage can be a lot more intimidating, however, and it can be quite difficult know...

News Co - avatar News Co

4 Costly Mistake To Avoid When Subdividing Your Property

As a property developer or landowner, the first step in developing your land is subdividing it. You subdivide the property into several lots that you either rent, sell or award to shareholders. ...

News Co - avatar News Co


The franchise industry in Australia has been booming since the 1980s, as many emerging entrepreneurs find immense scope in this rapidly growing sector. The total number of franchised outlets in ...

Ester Adams - avatar Ester Adams

The Conversation


Ray Hadley's interview with Scott Morrison

RAY HADLEY: Prime Minister, good morning.    PRIME MINISTER: G’day Ray.   HADLEY: I was just referring to this story from the Courier Mail, which you’ve probably caught up with today about t...

Ray Hadley & Scott Morrison - avatar Ray Hadley & Scott Morrison

Prime Minister's Remarks to Joint Party Room

PRIME MINISTER: Well, it is great to be back in the party room, the joint party room. It’s great to have everybody back here. It’s great to officially welcome Garth who joins us. Welcome, Garth...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion