The 15 most important cybersecurity topics that every CEO needs to know in 2023.

02 Nov / 2022

Cyber Security


With the New Year on its way, a number of Australian organisations are reflecting on the past year and wondering what they can be doing to improve their cybersecurity posture in 2023. Gone are the days when cybersecurity was just an “IT problem”. Now, cybersecurity has a front-and-centre position at the executive table and CEOs need to school themselves up.

Much like the nightmare that Kelly Rosmarin (CEO of Optus Australia) is going through, it is vital that CEOs and business leaders in the country set the cybersecurity tone from the top. Establishing a culture of cybersecurity shared responsibility and communication is vital in a truly digital world. Fundamentally, it is the people of the organisation that need to each be responsible for acting with cybersecurity in mind, while partaking in company cybersecurity initiatives and training mandates.

Even more important is for new CEOs to learn more about the cybersecurity posture of an organisation that they are starting with, and ensure the company is taking the most appropriate actions to secure their most valuable information assets.

So if you’re a CEO of an Australian mid-sized or large organisation, what do you need to KNOW about cybersecurity?

  • Cyberattacks WILL happen - if you have not experienced one yet, then you may have one coming down the line. Ignorance is not bliss;
  • The majority of data breaches will originate from human error with one of your staff members. Security education cannot be ignored;
  • Your company is likely only aware of a fraction of their vulnerabilities originating from technology infrastructure, networks, clouds and systems.
  • Achieving information security compliance from regulatory standards will not fully protect you from cybersecurity attack;
  • To achieve real information security and data resilience, you need a cybersecurity strategy and will need to continually execute and monitor penetration testing, and implement training to keep up to date with evolving threat vectors.

Now, as a CEO of an organisation - here are 5 things that all CEOs should be doing about cybersecurity:

  • Ensure everyone in the organisation from the top-down and bottom-up receives appropriate cybersecurity training - especially against phishing and social engineering attacks;
  • Build a continual and robust penetration testing program with cyber maturity risk assessments to ensure your organisation has excellent visibility of the cybersecurity risk environment;
  • Mandate for timely software and hardware patch management processes to be owned by your IT team and not thrown into the “we’ll do it later” bucket;
  • Ensure the organisation has 24/7/365 monitoring, detection and response systems built in across your endpoints, devices, technology infrastructure and cloud systems;
  • Ensure your cybersecurity liability insurance policies are always up to date and your organisation meets policy requirements.

When moving into a CEO role or sitting in the Boardroom with your technical leadership team, a CEO should be asking these five questions:

  • What is the threat profile of our business and what type of data do we hold? What third-party data do we hold too?
  • What type of data do we hold that might be appealing to attackers, nation states or sophisticated digital criminals?
  • How many of our people have undergone cybersecurity training and what is the cadence?
  • Do we have a penetration testing program with a reliable third party supplier? Do we need to engage another supplier to give objective results?
  • What percentage of our IT budget is spent on cybersecurity and who owns responsibility for cybersecurity - in particular, how do we respond if we are attacked?

From our experience, we see more CEO’s asking questions about cyber risks in their organisation, however, they often engage after a cyber attack to get speed with some of these key questions and criteria. Building a proactive stance across cybersecurity is the ethos of all successful CEOs in the country to date. 

Want to know more about Cythera?

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies and businesses all over Australia from the Cythera offices in Melbourne CBD.

All Cythera team members are passionate advocates of the belief that all Australian businesses should have affordable access to world-class cyber security strategy, testing and remediation solutions to protect from online threats and cyber criminals.

Want to know more? Meet with our team here

Resources

You may be interested in

Don’t Fall for the ‘Tick + Flick’ Trap: The difference between a true MDR and Tick + Flick Service

An objection some customers have when we first connect is that they “already use a Managed Detection and Response service”, yet a little dig…

Read More arrow_forward

Unlocking Cybersecurity with Cythera's Penetration Testing

Unlocking Cybersecurity with Cythera's Penetration TestingPenetration testing, often referred to as pen testing, is a vital cybersecurity measur…

Read More arrow_forward

Microsoft Exchange On-Prem Critical Vulnerabilities - CVE-2022-41080, CVE-2022-41082

CVE: CVE-2022-41080, CVE-2022-41082 What Is Vulnerable? Microsoft Exchange Server (On-Premises) 2013, 2016, 2019 devices that have not applied…

Read More arrow_forward