More than nine in 10 Australians (92 per cent) want someone to be held liable when an Australian company is breached in a cyber attack, and one in two Australians want that person to be a board director or a C-suite executive, according to the latest research from Palo Alto Networks.
The study also found that Aussies regard the advertising industry as the least trustworthy when it came to handling data breaches and cyber security.
Conducted by Savanta, the research found that 50 per cent of Australians thought board directors or C-suite executives should be liable for their companies suffering a cyber attack, compared to only 44 per cent believing that frontline tech workers should be held responsible.
Seven in 10 Australians believe not enough corporate leaders in Australia are held personally accountable after data breaches occur at their organisations, while 67 per cent believe leaders should face fines and jail time where they have not taken reasonable steps to protect personally identifiable information.
“Cyber security is really an organisation-wide effort,” said Sean Duca, VP and regional chief security officer Asia Pacific & Japan at Palo Alto Networks. “IT and security teams may be on the tools, but there is a ceiling as to how strong an organisation’s cyber defences can be and that is set by leadership.”
“It’s one thing to invest in the right tools, but to truly protect an organisation you must have the right processes in place across the board. Education is also key, but this goes beyond a one-off seminar – in addition to regular training, employees need to see cyber security prioritised across the business in order to maintain proper security hygiene.”
Australians are split when it comes to data breaches where the cyber criminal is demanding a ransom, with a slight majority (53 per cent) believing that businesses should not always meet hackers’ ransom demands.
The majority of Australians trust businesses in the banking and healthcare sectors with regard to cyber security, but are split (50 per cent) on whether to also trust the government to protect their data. These are the only three sectors that 50 per cent or more of Australians trust, and only 36 per cent of Australians trust that private sector businesses overall are doing everything they can to protect customer data.
The least trusted sectors in Australia are advertising (27 per cent), technology and social media (33 per cent), and retail (34 per cent). Poor cyber practices are especially risky for retailers, as 68% of Australians would not return to an online retailer if the retailer lost their data in a cyber breach.
“Australian banks are some of the most digitally advanced in the world, and invest heavily in cyber security, so it’s not surprising that Australians trust them more than any other type of business,” added Duca. “What was surprising is that the majority of Australians trust health care organisations, considering the sensitivity of the data they hold and the sector’s historical underinvestment in cyber security. Perhaps the fact that these are two of the most heavily regulated industries gives Australians some level of comfort that they’d provide adequate cover.”
Overall, 69 per cent of Australians say the security reputation of a business is very important when asked to disclose personal information, and 77 per cent expect most Australian organisations to increase cybersecurity spending in the next 12 months.