Weakest links: cyber governance and the threat to mid-sized enterprises
Research team
Related publications
Research summary
In partnership with the Macquarie Telecom Group, the NSC conducted a research project to acquire qualitative and quantitative insights into the governance of cyber security risks in Australian medium-sized businesses and government agencies.
The governance of cyber security has become a pressing challenge to both the public and private sector. Currently, cyber crime is the second most-reported economic crime, affecting thirty-two per cent of organisations, at a cost to the Australian economy that is estimated to be as high as seventeen billion dollars annually.
Using an anonymised web-based survey, the NSC’s Dr Tim Legrand asked individuals with cyber security roles or responsibilities to answer a range of questions pertaining to the cyber threats faced by their business or agency.
The survey acquired twenty-two separate responses from government agencies and thirty-six from medium-sized businesses. Published in November 2016, the research discerned widespread frailties in the governance of cyber security among the executive layers of public agencies and private enterprise. In particular, the findings indicate considerable variation in cyber risk governance arrangements and an absence of cyber risk knowledge at the executive/board level.
