ADAPT’s research reveals 66% of our nation’s CISOs are under-resourced and overworked

At ADAPT’s Security Edge conference in Sydney, ADAPT’s Senior Director of Strategic Research, Matt Boon, highlighted using current data to support cyber security budgets.

Based on the responses of over 120 Australian CISOs and Heads of IT Security, insufficient time, lack of executive support, and lack of funding are stopping them from building a secure and trusted organisation.

The increase in governance and compliance regulations now means CISOs must focus more on these than protecting and detecting threats or dealing with attacks.

Australia’s top CISOs say that a 41% increase in resources is needed. AI deployment outpaces risk management capabilities, exposing vulnerabilities.

Data immaturity compounds these challenges, along with a lack of skills, poor data culture, and ineffective governance.

ADAPT’s latest research revealed strong proactive relationships between CISOs and their executive leadership teams, yet pointed to a need for better engagement across all employee levels.

According to ADAPT’s Security Edge survey, 58% of organisations emphasise the proactive involvement of executives in cyber security initiatives, stressing the importance of executive engagement.

AGL, UTS, and KordaMentha security leaders on driving top-down cyber leadership

During the panel discussion led by ADAPT’s Principal Research Analyst Peter Hind, cyber security experts like Anna Aquilina, Tony Vizza, and Maryam Bechtel shared strategies to ensure cyber security is led from the top.

Maryam Bechtel, CISO at AGL, discussed moving from technology-driven approaches to integrating cyber security with business strategies, highlighting executive involvement and shared responsibility in risk management.

This matches insights from ADAPT’s Security Edge survey, which points out that engaging more deeply with employees at all levels can boost cyber security resilience.

Anna Aquilina, CISO at the University of Technology Sydney, suggested that executives receive ongoing education on the evolving threat landscape to maintain support for cyber security initiatives.

According to ADAPT’s Security Edge survey, 74% of respondents identified ongoing education for executives as crucial for maintaining support for cyber security initiatives.

Tony Vizza, Executive Director of Cyber Security at KordaMentha, compared corporate governance with cyber security governance, stressing how clear roles, accountability, and proactive management are key to effectively reducing risks.

The panelists talked about the importance of having meaningful metrics to assess cyber security strategies, suggesting metrics that non-technical stakeholders can easily understand to improve organisational transparency.

Equifax’s journey to cyber resilience since their 2017 data breach

Insights from Jamil Farshchi, CTO and CISO at Equifax, shed light on critical areas Australian organisations must address to strengthen their cyber security measures.

Jamil, a seasoned CISO with extensive experience managing crises such as the Equifax data breach, strongly criticised the traditional approach of “security by obscurity.”

He advocated for a model based on transparency and collaboration, highlighting how these strategies build resilience and enhance an organisation’s capability to respond to threats effectively.

Jamil also illustrated the potential for improved security practices through community engagement and open communication by sharing real-world challenges and solutions.

Reflecting on his crucial role in Equifax’s aftermath of the 2017 breach, Jamil shared that strategic changes to integrate robust security practices into core business operations were essential.

While AI can boost operational efficiency and risk management, it introduces new vulnerabilities, such as sophisticated phishing attacks and the potential misuse of deepfake technology.

Leaders must integrate cyber security strategically into business operations by focusing on transparency, robust practices, and a balanced use of innovative technologies like AI.

Former Jetstar CIO & CISO on tackling AI and quantum threats

At ADAPT’s Security Edge, Claudine Ogilvie, former CIO at Jetstar Airways, Director Digital & Data at Compass Group APAC, active Board Member, and Yvette Lejins, former CISO at Jetstar Airways & Asciano, delved into the nuances of AI preparedness and its critical role in enhancing cyber resilience.

58% of organisations find a lack of AI readiness impacts their operations, stressing how crucial it is to have strong AI strategies to boost cyber defenses.

On the topic of quantum computing, Yvette discussed its disruptive potential against current cryptographic systems.

With AI and quantum computing advancing, the nation faces escalating threats alongside opportunities for enhanced data protection.

There’s a concerning talent gap in quantum computing, where the demand far exceeds the supply, with only one qualified candidate for every three vacancies.

This calls for targeted educational and professional training programmes.

This proactive approach involves enhancing AI-driven anomaly and threat detection and preparing for the quantum era by developing resilient cryptographic methods ahead of time.

Lion Co’s CISO on articulating the complexity of the expanding CISO role to your board

In an interview with Gabby Fredkin, Head of Analytics & Insights at ADAPT, at Security Edge, Jamie Rossato, GAICD, CISO at Lion, discussed the realities of modern cyber security, characterising the current landscape as “the Pokemon CISO” due to the overwhelming variety of threats CISOs must address.

Jamie explained, “We’re expected to deal with vulnerabilities, misconfiguration and applications and the security of our television cameras,” highlighting the expansive role of a CISO today.

Jamie advocates for an “assumed breach” approach, focusing on response readiness rather than prevention.

He explained, “It’s a case of how well and how effectively we respond to that breach,” promoting proactive rather than reactive security measures.

According to ADAPT’s Security Edge survey, 62% of organisations have implemented proactive security measures such as incident response plans and breach readiness assessments.

Jamie emphasised starting with security in mind at the beginning of technology projects.

He used the metaphor of planning a fence for a kindergarten next to a busy road to show why timely and strategic security planning is vital.

Stress proactive and strategic communication to effectively manage cyber security, ensuring readiness for incidents and integrating security from the start of all technology projects.

The way forward

Australia’s cyber security landscape is at a crucial turning point, with AI and quantum computing bringing both risks and opportunities for safeguarding data.

As we work towards cyber resilience, it’s vital to have strong frameworks for verification, compliance, and trust in place, especially with evolving laws and digital growth.

CISOs are finding themselves tangled up in governance and compliance tasks, taking time away from core security duties due to limited resources, lack of support from higher-ups, and not enough funding.

ADAPT research reveals that 66% of CISOs don’t have what they need for effective cyber strategy execution.

Let’s not forget about AI racing ahead of our ability to manage risks and the ongoing struggle with data maturity.

ADAPT’s recent survey showed that 91% of Australian CISOs weren’t ready to dive into AI due to data maturity issues.

Australia needs to tackle these challenges head-on to strike a balance and fortify our cyber security for a resilient digital future.
