Australians demand execs held liable for cyber breaches, new study reveals

Sean Duca, Vice President and Regional Chief Security Officer APAC & Japan at Palo Alto Networks

More than nine in ten Aussies (92%) want someone to be held liable when an Aussie firm is breached in a cyber attack, and one in two Australians want that person to be a board director or a C-suite executive, according to the latest research from Palo Alto Networks.

Conducted by Savanta, the research found that 50% of Australian respondents thought board directors or C-suite executives should be liable for their firms suffering a cyber attack, compared to only 44% believing that frontline tech workers should be held responsible. 

What were the findings of Palo Alto Networks’ survey?

Seven in ten Aussies believe not enough corporate leaders are held personally accountable after data breaches occur at their firms, while 67% believe leaders should face fines and jail time where they have not taken reasonable steps to protect personally identifiable data.

Aussies are split on data breaches where the criminal is demanding a ransom, with a slight majority (53%) believing that businesses shouldn’t always meet hackers’ ransom demands. 

The majority of Aussies trust businesses in the banking and healthcare sectors with regard to cyber security, but are split (50%) on whether to also trust the government to protect their data. These are the only three sectors that 50% or more of Australians trust, and only 36% trust that private sector businesses overall are doing everything they can to protect client data.

The least trusted sectors in Australia are advertising (27%), tech and social media (33%), and retail (34%). Poor cyber practices are especially risky for retailers, as 68% of Australians would not return to an online retailer if the retailer lost their data in a cyber breach.

Overall, 69% of Australian respondents say the security reputation of a business is very important when asked to disclose personal information, and 77% expect most Australian organisations to increase cybersecurity spending in the next 12 months.

What were Palo Alto Networks’ thoughts on the findings?

“Cyber security is an organisation-wide effort. IT and security teams may be on the tools, but there is a ceiling as to how strong a firm’s cyber defences can be and that is set by leadership,” said Sean Duca, VP and Regional Chief Security Officer APAC & Japan at Palo Alto.

“It’s one thing to invest in the right tools, but to truly protect an organisation you must have the right processes in place across the board. Education is also key, but this goes beyond a one-off seminar – in addition to regular training, employees need to see cyber security prioritised across the business in order to maintain proper security hygiene,” Sean Duca said.

“Aussie banks are some of the most digitally advanced, and invest heavily in cyber security, so it’s not surprising that Aussies trust them more than any business,” added Sean Duca.

“What was surprising is that the majority of Australians trust health care organisations, considering the sensitivity of the data they hold and the sector’s historical underinvestment in cyber security. Perhaps the fact that these are two of the most heavily regulated industries gives Australians some level of comfort that they’d provide adequate cover,” Duca said.