Australia’s CISOs face growing cyber threats, AI risks, and resource constraints. ADAPT’s Security Edge explored how to modernise for resilience and close key gaps.

How do we keep people and data safe while navigating today’s vulnerabilities and AI-driven opportunities?

In Australia, recent high-profile cyber attacks and evolving legislation are pushing the nation towards a goal of national resilience.

Yet, with dispersed workforces and digital transformation in full swing, we’re asked to do more with less—facing growing complexities and vulnerabilities.

AI is reshaping Australia’s landscape, bringing both opportunities and new risks. While it enables automation and innovation, it also scales threats, making security a critical focus.

But many organisations are hampered by legacy systems, technical debt, and tight budgets. Australia’s enterprises are feeling the strain, balancing operational costs with the need for resilience.

ADAPT’s conversations with over 200 of Australia’s leading CISOs highlighted a shared challenge: a lack of resources. Many reported needing 50% more staff and funding just to meet their goals.

And as we move towards AI-driven solutions, the gap between those ready to leverage AI and those struggling with the basics could define the next decade of competitiveness.

At Security Edge, ADAPT discussed how to close these gaps, simplify security strategies, and modernise for resilience.

We explored solutions together with luminaries from CommScope, DXC, Cricket Australia, and PrivacyCode, recognising the pressing need for alignment between resources, executive support, and the immense opportunity that lies ahead with AI.

1. Global CISO Keynote: Making the Most of a Crisis, Risk Reduction, and IT/OT Controls

Presented by: Ahmad Douglas – CISO at CommScope USA

Ahmad Douglas’ keynote was a masterclass in managing cyber crises under intense pressure.

As the CISO at CommScope, Ahmad faced a major ransomware attack shortly after joining, shaking the organisation’s core operations.

This attack not only forced Ahmad to make swift decisions without full incident response plans in place but also evolved his role from merely operational to strategic risk manager.

His experience underscored the importance of gaining boardroom consensus and adopting incremental risk reduction strategies.

For Australian CISOs, many of whom are modernising legacy systems while facing budget constraints, Ahmad’s key lessons on IT/OT network segmentation and executive communication are critical.

According to ADAPT research, over two-thirds of CISOs in Australia report lacking the necessary resources to execute their cybersecurity mandates effectively.

Ahmad’s approach of leveraging relationships and building trust with senior leadership offers a pathway for Australian CISOs to secure the funding and support they need.

2. ADAPT Research: Cyber Resilient & AI Ready

Presented by: Gabby Fredkin – Head of Analytics & Insights at ADAPT

Gabby Fredkin presented the latest ADAPT research on cyber resilience and AI readiness, revealing data collected from over 500 surveys of top CIOs, CISOs, and other leaders responsible for over 40% of Australia’s GDP.

The findings highlight a crucial gap: while organisations are working to protect, detect, and respond to incidents, only a small percentage feel prepared to leverage AI effectively.

In fact, over two-thirds (66%) of Australian CISOs believe they lack the necessary resources to deliver a world-class security service, with many estimating they’d need almost 50% more resources to meet growing cyber demands.

The average cyber resilience score of Australian organisations remains around 64%, according to ADAPT, far from the ideal given the growing sophistication of cyber threats.

Gabby emphasised that embedding security early in the system design phase, improving DevSecOps practices, and fostering a proactive cyber culture are key strategies employed by top performers.

For tech vendors, this data presents an opportunity to provide tools that integrate security within development processes and help CISOs align their cyber efforts with AI initiatives.

3. Panel: How to Articulate the Risk, to Get the Support, to Protect and Enable

Panelists: Peter Hind – Principal Research Analyst at ADAPT, Kylie Watson – CISO at DXC Technology, Donald Elliott – CIO at Cricket Australia, Olivia Loadwick – Partner at McKinsey & Company

The panel discussion brought to light the complexities of managing cyber incidents and the challenges of gaining executive support.

Donald Elliott highlighted the importance of framing cyber security as an enabler of business continuity rather than a blocker, especially when communicating with boards and executives.

Kylie Watson added that CISOs must consider the behavioural aspects of security, using tools like nudge theory to influence secure practices across the organisation.

ADAPT data indicates that one of the main barriers to delivering on security goals is a lack of support from executives, as reported by over 50% of surveyed CISOs.

The panel underscored the importance of scenario planning and cross-functional collaboration to ensure that security strategies are well-integrated with business objectives.

Vendors can support CISOs by providing solutions that help communicate cyber risks in business terms and facilitate smoother alignment between security and business teams.

4. The 9 Steps: What a CISO Needs to Know and Measure in Privacy, AI Ethics & Data Governance

Presented by: Michelle Dennedy – Chief Data Strategy Officer at Abaxx Technologies

Michelle Dennedy’s presentation addressed the rising importance of privacy and AI ethics in data governance.

Drawing from her experience at Cisco and McAfee, Michelle outlined a nine-step framework for improving the people, processes, and technology involved in data governance.

She emphasised the critical role security teams play in ensuring compliance, optimising authentication processes, and managing the data impact of AI.

For Australian CISOs, whose organisations are becoming more dependent on AI-driven technologies, the ability to govern data effectively is paramount.

ADAPT’s surveys show that organisations excelling in AI readiness are those with mature data governance frameworks.

As AI continues to introduce new risks—such as deepfakes and phishing attacks—CISOs need to incorporate privacy into their cyber efforts, leveraging metrics that can measure both risk and ethical AI practices.

Tech vendors that offer data governance solutions, particularly those focusing on AI ethics and privacy, will find a strong market among Australian security leaders.

5. The World Class CISO

Presented by: David Gee – CIO, CISO, Board Advisor, NED & Author

David Gee’s session provided insights on what it takes to be a world-class CISO.

With over 25 years of experience across various industries, David emphasised the importance of leadership, collaboration, and continuous learning for aspiring CISOs.

He shared personal stories from his time at HSBC, Macquarie Group, and Credit Union Australia, illustrating the need for CISOs to balance technical skills with strategic oversight and stakeholder management.

ADAPT data supports David’s emphasis on leadership, showing that top-performing organisations invest heavily in leadership development and skill-building.

For tech vendors, this means offering solutions that not only address technical vulnerabilities but also empower CISOs to build stronger teams, communicate effectively with executives, and foster a culture of continuous improvement.

6. Security by Design: How Enterprise Architecture Fuels Digital Transformation

Interviewee: Imran Merchant – Director of Enterprise Architecture, Australian Digital Health Agency

Imran Merchant, with over 22 years in the industry, explains that enterprise architecture is a key driver of digital transformation, enabling organisations to align business goals with technology solutions.

At the Australian Digital Health Agency, Imran’s work integrates business, data, application, and technology elements into a cohesive framework, facilitating seamless execution of digital strategies.

Emphasising a “security by design” approach, he advocates for collaboration between architects and security teams from project inception, which allows for early risk mitigation.

This proactive method ensures that security is integral to the design, preventing vulnerabilities from emerging later in development. He also encourages adopting a product mindset, fostering continuous innovation and a focus on long-term value.

Imran believes this approach promotes an intrapreneurial culture, where teams are empowered to create secure, customer-centric solutions.

Tech vendors can leverage these insights by offering solutions that embed security into architecture from the ground up, enabling organisations to build resilient, scalable systems.

7. How Beyond Bank Bolsters Cyber Security with Precision Vulnerability Management

Interviewee: Andrew Horton – Cyber SecOps Specialist, Beyond Bank Australia

Andrew Horton discusses Beyond Bank’s approach to refining vulnerability management, particularly within a complex digital landscape.

Using Rapid7’s tools, Andrew addresses challenges like “ghost assets” and misconfigured tools, which can distort an organisation’s security posture.

His team recalibrates scanning methods to deliver more accurate reporting, giving executives a clearer picture of security risks.

Andrew underscores that vulnerability management requires more than tools; it depends on a balanced combination of skilled people, refined processes, and tailored technology.

Training through micro-credentials and engaging outside expertise helps his team adapt to evolving threats.

Additionally, Andrew’s efforts have improved visibility across systems, particularly in managing legacy software and patches, reducing potential entry points for attackers.

Vendors can support CISOs by offering tools that refine vulnerability management and support skills development, ensuring precise, actionable security insights.

8. How Insignia Financial’s CISO Tackles Emerging Threats and Open-Source Risks

Interviewee: James Ng – GM Cyber Security (CISO), Insignia Financial

James Ng describes a strategic approach to emerging threats and open-source risks, aligning cyber and corporate strategies.

Adopting the NIST framework, Insignia assesses its security maturity and identifies talent gaps, building a case for board-level support.

James highlights third-party governance and identity management as key areas of focus, especially due to inconsistencies from Insignia’s various business units. Educating employees on advanced phishing and social engineering tactics using real-life examples has also become a priority, given the growing sophistication of these threats.

Regular engagement with the board ensures that cybersecurity is seen as integral to business continuity.

Open-source risks, particularly hidden backdoors in libraries, demand continuous monitoring—a crucial but challenging aspect of their security efforts.

For tech vendors, this approach highlights a need for solutions that enhance open-source security controls and streamline board-level reporting.

9. Wiz’s Multi-Cloud Security Platform: Simplifying Risk Management for Enterprises

Interviewee: Budd Ilic – Country Manager, Australia and New Zealand, Wiz

Budd Ilic explains how the company’s multi-cloud security platform streamlines risk management by consolidating various security tools into a single solution.

Despite its rapid growth and high-profile customer base, Wiz focuses on simplifying the complex task of managing multi-cloud environments.

The platform provides end-to-end visibility, identifying risks such as data exposure and misconfigurations, enabling CISOs to prioritise effectively.

Budd highlights Wiz’s commitment to “shift-left” security, with its new tool, Wiz Code, empowering developers to detect risks earlier in the development cycle.

This approach allows security to be integrated into the CI/CD pipeline, reducing risks from the ground up. Wiz also helps identify unused assets, offering cost-saving opportunities alongside improved security insights.

Vendors can learn from Wiz’s model by creating integrated solutions that consolidate multi-cloud security and empower developers to address risks proactively.

Conclusion

Australian CISOs are navigating a complex landscape of growing cyber threats, resource constraints, and evolving technologies like AI.

ADAPT’s Security Edge event provided crucial insights and practical lessons that can guide both CISOs and the vendors who aim to support them.

From crisis management to AI governance, the key to success lies in aligning security strategies with business objectives, fostering strong leadership, and embedding security into every stage of the organisation’s operations.

Vendors who can offer scalable, integrative solutions that address these priorities will be well-positioned to partner with Australian CISOs in their efforts to protect and enable their organisations.

Contributors
Gabby Fredkin Head of Analytics & Insights at ADAPT
Gabby’s primary role is managing analysis to produce ADAPT’s actionable insights. He has extensive experience in using data to identify technology trends to support Australian organisations.

Using modern data science techniques, he provides ADAPT and its customers with confidence in the accuracy and validity of the information used for ADAPT’s research, advisory and events.

With a passion for creating stories with data, Gabby is consistently rated as one of the top speakers at ADAPT’s events. In roundtable discussions, he specialises in using statistics to initiate thought-provoking discussions. 

Gabby is effective in translating information into insights, enabling ADAPT’s customers to become more data-driven.

Gabby’s primary areas of expertise are:

  • Advanced AI and ML practices, including AI ethics.
  • Building models to benchmark and predict IT performance.
  • End-user behaviour and human-centred design.
  • Cross-functional team design and value, such as DevSecOps.
Michelle Dennedy Chief Data Strategy Officer at Abaxx Technologies
As the former CEO of PrivacyCode and the Partner of Privatus Consulting, I have over 20 years of experience in advancing the respect for human information. I am known for my experience in privacy engineering, a field that bridges the policy and technology divide with metrics and outcomes. I am also an author, a podcaster, and a strategic advisor for several technology companies.

My mission is to build better technology that matters and that promotes quality, integrity, and asset-level possibilities for information assets. I work closely with families, executives, innovators, and dreamers at all stages and in all sectors to support the combination of policy, practice, and tools. I am passionate about creating solutions that enable data privacy and security, as well as social and environmental responsibility.

David Gee Former Global Head Technology, Cyber & Data Risk, Macquarie Group
David J. Gee has 20+ years experience as CIO and CISO. He joined Macquarie Group in early 2021 as Global Head Technology, Cyber and Data Risk. David is responsible for protecting Macquarie Group using his significant expertise in technology and cybersecurity. He has served as CISO for HSBC Asia Pacific, based in HK and responsible for the most critical and profitable countries for this large investment bank. David drove the cybersecurity maturity uplift and led all aspects of cyber for HSBC in these 19 countries. Prior to HSBC, David had an extensive Transformational CIO experience across numerous significant roles.

At MetLife Japan, David was Statutory Executive Officer, Senior Vice President and CIO. This is the second largest market for MetLife – a US$70B enterprise. David led the digital transformation for this large insurer with a significant focus on digitizing end to end customer engagement processes. At MetLife Japan he managed a team of 230 IT Staff supported by 1200-1300 external resources, with an Annual IT spend in excess of US$300m.

David is Board Advisor to Sekuro, a successful cybersecurity company. A number of other Advisory roles are to be announced.

He is also past CIO at Credit Union of Australia where he successfully led a major transformation of all systems and technology. In this role he won CIO of the Year for Financial Services in Australia.

David has also been Executive Advisor for large scale transformation with KPMG, Ernst & Young and ICG. He has deep experience with Fintech and innovation ecosystems. Mentor at Stone & Chalk and Tyro Fintech Hub. Venture Partner with Sapien Ventures and Advisory Board of Venturetec.Accelerator. David also has been Fintech Advisor for a number of startups.

He is a digital industry thought leader and regular columnist with ITnews, CSO (Cyber), CIO Magazine and Computerworld, with more than 100+ articles published.

David was Information Officer and CIO for Lilly USA ($12B sales) & member of Lilly USA management. He has also enjoyed international expatriate assignments in Tokyo, Shanghai, Hong Kong and Kobe and in the USA.

Ahmad Douglas CISO at CommScope USA
Ahmad Douglas is the Chief Information Security Officer of CommScope, a global manufacturer of telecommunications equipment based in North Carolina, USA.  CommScope operates a diverse portfolio of businesses, innovating in the fields of fiber optics and coaxial cable, cellular antennas, large-scale and high-density wi-fi installations, and telecommunications systems.

Prior to joining CommScope in 2023, Ahmad served as Chief Security Officer of Equifax Workforce Solutions, securing the premier datasets of American employment and payroll information.  He has also held information security leadership roles at Comcast Xfinity and Visa.  His career began at Los Alamos National Laboratory, where his technical and strategic contributions focused on securing the U.S. nuclear weapons program.

Ahmad holds a B.S. in Computer Science from Allegheny College as well as M.S. (Computer Science) and M.B.A. degrees from the University of New Mexico.  Outside of work, his passions are mentoring the next generation of ambitious young professionals and playing jazz piano.

Byron Connolly Head of Programs & Value Engagement at ADAPT
Byron is a highly experienced technology and business journalist, editor, corporate writer, and event producer.

Prior to joining ADAPT, he was the editor-in-chief at CIO Australia and associate editor at CSO Australia. He also created and led the well-known CIO50 awards program in Australia and The CIO Show podcast.

Byron creates valuable insights for our community of senior technology and business professionals that help them reach their organisational and professional goals. He has a passion for uncovering stories about the careers and personal philosophies of Australia’s top technology and digital executives.

When he is not working, Byron enjoys hot yoga, swimming, running and spending time with his family. He completed the North Face 100km ultra marathon in the NSW Blue Mountains in 2012 and 2013.

Olivia Loadwick Partner, McKinsey & Company
Corporate finance and corporate strategy specialist. Adviser to leading companies and governments on strategy, transformation, risk, capital management and M&A.

Well regarded for strategic thinking and leadership. Recognised in the Westpac/Australian Financial Review 100 Women of Influence Awards. Representative at the B20 Leaders Summit.

Direct experience in the following sectors: healthcare, energy and resources, financial services, engineering and construction, automotive, property, infrastructure and utilities, technology, services, consumer and retail.

Experience in international markets having lived and worked in China, South Korea, North America, the Middle East, Europe, New Zealand and Australia.

University medal awardee and valedictorian for undergraduate and post graduate degrees.

Kylie Watson CISO at DXC Technology
Kylie Watson is an experienced executive in the Information Technology Infrastructure, Apps, and Services Industry. Driven by a strong client focus, she supports large-scale business and technical transformation, leveraging her expertise in change management and behavioural economics. Kylie excels in leading large sales and delivery teams across multiple disciplines and regions, driving the adoption and embrace of new technologies. She is adept at growing capabilities and skills to meet market demand across Australia, New Zealand, and Asia, and at building partnerships and alliances to solve client challenges.

Kylie has extensive experience working across all industries and is well-connected with key C-suite stakeholders in federal, state, and local government, as well as in retail, mining, oil and gas, utilities, distribution, health, and financial services. She has a proven track record of driving cultural change and embracing diversity and inclusion, earning awards in coaching, mentoring, and innovation.

With over 25 years of executive leadership experience in technology and consulting, spanning multiple industries, international geographies, and platforms, Kylie is well-versed in Google, AWS, IBM Cloud, and Azure. Her solution experience and qualifications include cybersecurity, data, AI, cloud, and change management. Additionally, she is an AI ethicist with some quantum computing capability.

Kylie is also a media spokesperson, keynote speaker, and author on technology topics, and serves as an advisor to universities and government agencies on cyber, technology research, and education.

Donald Elliott CIO at Cricket Australia
Don has built a reputation as a versatile leader who delivers results by building high performing and resilient teams. He is passionate about developing people and organisational culture to improve customer satisfaction. His experience in large and complex environments demonstrates an ability to sell and implement company-wide strategic programs often within a framework of competing divisions and agendas.

Don has strong commercial acumen and the ability to simplify complex business and technical problems to build understanding and consensus. He relishes the opportunity to deliver technology solutions to address business opportunities through strong collaboration and partnering.

Don has worked across all aspects of IT Strategy, Planning, Delivery and Operations in both startups and multi-nationals and has gained a deep understanding of many industries including Retail, Manufacturing, Supply Chain, Finance, Utilities and Telecommunications.

Matt Boon Senior Research Director at ADAPT
Matt Boon is responsible for directing and developing ADAPT’s research content and positions. He interacts with executives daily, bringing together groups of C-suite leaders to discuss and prepare for the challenges and opportunities they face.

For over 30 years, including 18 in senior leadership roles at Gartner, Matt has been a sought after and highly respected authority on the local and global IT landscape.

ADAPT hosts numerous industry-leading business and technology events, which Matt chairs, that deliver unique ADAPT research positions, and advises executives across the end-user and technology provider landscape to make informed IT decisions.

When he is not working, Matt enjoys walking the many trails of the NSW Southern Highlands, travelling and listening to music. He is also partial to a good steak and nice glass of red wine.

Imran Merchant Director Enterprise Architecture at Australian Digital Health Agency
A competent IT professional with over 17+ years of experience in Product Management, Enterprise Architecture, Project Management, Digital Transformation Strategy, Business Analysis, Process Reengineering and Optimization, and Software Testing.

Andrew Horton Cyber SecOps Specialist at Beyond Bank Australia
I am a full-stack leader, crypto enthusiast, and cybersecurity expert. I am best known for my open-source security research, forming part of the standard arsenal of penetration testers and blackhat hackers alike, along with mentions in textbooks (The Browser Hacker’s Handbook), academic papers, professional methodologies (OWASP Testing Guide and PTES), and Kali Linux – the most popular Linux security distribution used daily by security professionals.

I was previously Director of Engineering for CoinPayments, the world’s largest cryptocurrency payments provider.

I also advise start-ups, mentor, occasionally give conference presentations, and host the popular information security news aggregator at https://morningstarsecurity.com/news.

I am a believer in open-source in security, McKinsey-style consulting, and advocate Kaizen.

James Ng GM Cyber Security (CISO) at Insignia Financial
A leader with a range of experience across various cyber security, technology risk and audit domains. Motivated to create and maintain high performing cultures in order to drive business focused outcomes collaboratively with stakeholders.

Worked internationally across Australia, USA, Hong Kong, Thailand, Philippines, Singapore, India, Papua New Guinea and the UK (IOM).

Currently a:
– Graduate of the Australian Institute of Company Directors (GAICD),
– GIAC Security Operations Manager (GSOM – SANS),
– Certified Information Systems Security Professional (CISSP – ISC2),
– Certified Information Systems Auditor (CISA – ISACA),
– Certified Associate in Project Management, now lapsed (CAPM – PMBOK/PMI), and
– Certified Professional in Cloud Security (CCSK – Cloud Security Alliance)

Budd Ilic Country Manager, Australia and New Zealand at Wiz
Seasoned Sales Management professional passionate about delivering successful business outcomes to customers. I thoroughly enjoy accelerating the growth of a business by...
