The 15 most important cybersecurity topics that every CEO needs to know in 2023.

02 Nov / 2022

Cyber Security


With the New Year on its way, a number of Australian organisations are reflecting on the past year and wondering what they can do to improve their cybersecurity posture in 2023. Gone are the days when cybersecurity was just an “IT problem”. Cybersecurity now has a front-and-centre position at the executive table, and CEOs need to school themselves up.

Much like the nightmare that Kelly Rosmarin (CEO of Optus Australia) is going through, it is vital that CEOs and business leaders in the country set the cybersecurity tone from the top. Establishing a culture of shared responsibility for cybersecurity, and of open communication about it, is vital in a truly digital world. Fundamentally, it is the people of the organisation who each need to act with cybersecurity in mind, while taking part in company cybersecurity initiatives and mandated training.

Even more important is for new CEOs to learn about the cybersecurity posture of the organisation they are joining, and to ensure the company is taking the most appropriate actions to secure its most valuable information assets.

So if you’re a CEO of an Australian mid-sized or large organisation, what do you need to KNOW about cybersecurity?

  • Cyberattacks WILL happen - if you have not experienced one yet, you may well have one coming down the line. Ignorance is not bliss;
  • The majority of data breaches will originate from human error by one of your staff members. Security education cannot be ignored;
  • Your company is likely aware of only a fraction of its vulnerabilities across technology infrastructure, networks, clouds and systems;
  • Achieving information security compliance with regulatory standards will not fully protect you from cyberattacks;
  • To achieve real information security and data resilience, you need a cybersecurity strategy, you will need to continually execute and monitor penetration testing, and you will need to implement training that keeps pace with evolving threat vectors.

Now, as the CEO of an organisation, here are five things that all CEOs should be doing about cybersecurity:

  • Ensure everyone in the organisation, from the top down and the bottom up, receives appropriate cybersecurity training - especially against phishing and social engineering attacks;
  • Build a continual and robust penetration testing program, backed by cyber maturity risk assessments, so that your organisation has excellent visibility of its cybersecurity risk environment;
  • Mandate timely software and hardware patch management processes that are owned by your IT team and not thrown into the “we’ll do it later” bucket;
  • Ensure the organisation has 24/7/365 monitoring, detection and response built in across your endpoints, devices, technology infrastructure and cloud systems;
  • Ensure your cybersecurity liability insurance policies are always up to date and that your organisation meets the policy requirements.

When moving into a CEO role, or when sitting in the boardroom with your technical leadership team, a CEO should be asking these five questions:

  • What is the threat profile of our business and what type of data do we hold? What third-party data do we hold as well?
  • What type of data do we hold that might be appealing to attackers, nation states or sophisticated digital criminals?
  • How many of our people have undergone cybersecurity training, and at what cadence?
  • Do we have a penetration testing program with a reliable third-party supplier? Do we need to engage another supplier to get objective results?
  • What percentage of our IT budget is spent on cybersecurity, and who owns responsibility for cybersecurity - in particular, how do we respond if we are attacked?

From our experience, we see more CEOs asking questions about cyber risks in their organisation; however, they often engage only after a cyberattack to get up to speed on these key questions and criteria. Building a proactive stance on cybersecurity is the ethos of all successful CEOs in the country to date.

Want to know more about Cythera?

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium and large companies all over Australia from the Cythera offices in the Melbourne CBD.

All Cythera team members are passionate advocates of the belief that every Australian business should have affordable access to world-class cyber security strategy, testing and remediation solutions to protect against online threats and cyber criminals.

Want to know more? Meet with our team here
