Chief executives need to “lean in and educate themselves” about cybersecurity, and their businesses should conduct consistent stress testing and drills, one expert says.

Jacqui Kernot, the security director of Accenture ANZ, told AAP that CEOs feel “disempowered” when it comes to cybersecurity in the wake of numerous hacks in the past few years.

“It’s just one of these things, you know you’re going to get broken into, you don’t really know when, you don’t really know how, and don’t really have any level of control over it,” Ms Kernot said.

“There’s a whole lot of the reasons for that dynamic, but it must be a pretty uncomfortable feeling for CEOs to just feel like they’re just crossing their fingers and hoping that today’s not their day.”

Accenture, the global professional services company, recently produced a report based in part on a survey of 1000 chief executives of large organisations globally.

There were 68 Australian CEOs surveyed and the report found only 19 per cent had dedicated board meetings to discuss cybersecurity issues and 93 per cent lacked confidence in their organisation’s ability to prevent or mitigate attacks effectively.

It found 28 per cent strongly agreed they had deep knowledge of the evolving cyber-threat landscape, with 34 per cent saying they didn’t view cybersecurity as a strategic matter and that it required only episodic, rather than ongoing, attention.

Ms Kernot said CEOs needed to understand that cybersecurity wasn’t optional and that it was important to consistently conduct stress tests to make sure critical data and infrastructure was protected.

Rehearsing what a company would do in the event of a data breach was also important.

“It’s funny, people don’t to necessarily commit the time to it – it’s a big time sink and there’a cost to it – but when you have an incident, you’d be very glad that you’d exercised it regularly,” she said.

“So really just get engaged, get educated and lean in.”

Derek Rose
(Australian Associated Press)