Australian boards view GenAI as a security risk

By Dylan Bushell-Embling
Wednesday, 13 September, 2023

Australian boards are suspicious of generative AI, with 71% of members viewing the technology as a security risk, according to Proofpoint.

The company’s second annual Board Perspective Report also found that nearly three-quarters (74%) of Australian board members surveyed now feel at risk of a material cyber attack, a significant increase from the 52% recorded in 2022.

Even though 84% of board members in Australia view security as a priority, 76% are confident that their board clearly understands the cyber risks they face. In addition, 81% believe they have adequately invested in security. and 88% expect to increase their cybersecurity budget over the next 12 months.

But at the same time, 59% of respondents still view their organisation as unprepared to cope with a cyber attack in the next 12 months, with the biggest perceived threats being email fraud (53%), ransomware (40%) and cloud account compromise (31%).

By comparison, CISOs believe that the biggest concerns are cloud account compromise (36%), ransomware (35%) and DDoS attack (34%).

Directors also differ from CISOs in the areas of people risk and data protection, with 66% of Australian board directors agreeing that human error is their biggest risk, compared to just 51% of CISOs.

On the plus side, 57% of Australian directors say they are interacting with CISOs and other security leaders regularly, up from 43% last year. When they do interact, 72% of board members say they see eye-to-eye with their CISO and 57% of CISOs agree.

Proofpoint Resident CISO for APJ Yvette Lejins said the findings suggest improvements are being made in the Australian enterprise security landscape.

“Our inaugural report last year revealed that Australia lagged behind its global counterparts when prioritising cybersecurity. Now, more than eight in 10 Australian board directors agree that cybersecurity is a priority for their board, higher than the global average of 73%,” she said.

“But boards still feel unprepared. While it is encouraging to see that cybersecurity has finally captured the attention of Australian boards, there is much work to be done to implement effective cybersecurity strategies.”

Image credit: iStock.com/Olemedia