Australian leaders hesitant to disclose breaches

By Dylan Bushell-Embling
Monday, 24 October, 2022

Nine in 10 Australian C-suite executives are concerned that requirements for mandatory disclosure of cyber incidents could lead to a loss of competitive advantage, according to new research from PwC.

The company’s 2023 Global Digital Trust Insights Survey also found that 81% of Australian respondents felt that requirements to disclose information to regulators and investors discourage them from sharing information with law enforcement authorities.

At the same time, 89% of Australian respondents agreed mandatory disclosures of cyber incidents requiring comparable and consistent formats were necessary to gain stakeholder trust and confidence.

Meanwhile, 60% of respondents indicated that their organisations plan to increase cyber budget in 2023 and are adopting more policies seeking to improve the management and governance of customer data.

The top policies identified by Australian respondents were following an opt-in, privacy first strategy in marketing efforts, vetting third parties and partners, and using techniques to pseudonymise customers’ data.

PwC Australia Cybersecurity and Digital Trust Leader Rob Di Pietro said the results suggest that Australian business leaders are lagging behind their global counterparts in terms of transparency to regulators, investors and consumers.

“Regulators want visibility into cyber practices because they want to protect citizens from fraud and loss of privacy, help investors make better decisions and prevent industry or system-wide disruptions. Investors are looking for consistent and comparable disclosures so they can put their money in companies that fit their needs. Cyber incidents can affect shareholder value, temporarily or permanently,” he said.

“Our report shows Australia’s C-suite is on the right track, but there is still a lot of work to do. And this work will inevitably be occurring against the backdrop of an evolving regulatory landscape, new and sophisticated threat vectors and budgetary constraints. Therefore, the key takeaway for our nation’s C-suite when it comes to cyber must be to work smarter and hit the message home harder.”

Image credit: iStock.com/tashka2000