Information Security

Australian Digital Trust Insights 2023 Summary

Published: November 08, 2022

Digital transformation continues to drive business innovation, diversification and post-pandemic recovery. The way we work, the systems that underpin how we are connected and how we view information security have undergone a fundamental change in the post-pandemic world. Cybersecurity is now the backbone of business, central to all organisational operations. The findings of PwC’s 2023 Global Digital Trust Insights Survey show that the way Australian senior executives view this rapid transformation is distinct from their global counterparts. Some of the results are summarised below.

PwC’s 2023 Global Digital Trust Insights Survey captured the views of more than 3,500 CEOs and other C-suite executives from Australia and around the world. Senior executives were surveyed on the challenges and opportunities that could improve and transform cybersecurity within their organisations. The report highlights the issue of data security, showing where organisations place their cyber priorities, their main concerns and who bears responsibility for cybersecurity across business functions.

There are two key factors that have led to these Australian distinctions. 

The first is Australia’s geographical isolation. Whilst it held us in good stead throughout the pandemic, it has put us in a precarious position when it comes to supply chain issues, the ramifications of which we are still dealing with.

The second is Australia’s evolving cyber-related legislative and regulatory landscape. There have been reforms to critical infrastructure, which have expanded the number of critical sectors from four to 11. This has meant many organisations have had to rebuild the way they manage their cyber security.

Key takeaways from the Australian findings

Threat actors

According to the survey results, the top five threat actors, vectors, and attacks Australian organisations are least prepared to address are:

  • Cyber criminals
  • Hacktivist/hacker
  • Insider threat
  • Competitor
  • Third-party

Question: For each of the threat actors below, which do you expect to significantly affect your organisation in 2023 compared to 2022?  Base: Global=3522, Australia=105 Source: PwC’s Global Digital Trust Insights Survey 2023, Final Results, September 2022

The significant threat of cyber criminals as one of the top concerns of Australian business leaders (67%) is in line with global trends (65%). However, Australians view insider threat and competitor activity (58% and 57%; compared to 44% and 42% globally) as other areas for concern. Recent high-profile data breaches are likely to have done little to alleviate these concerns. 

Recent global attacks on software supply chains, which had marked effects in Australia, have heightened concerns about supply chain security. Australian respondents (37%) were more concerned by threats posed by software supply chain compromise than their global counterparts (26%). 

Disclosures

Australian attitudes towards transparency and public disclosure of cyber incidents differ from those held globally. 90% of Australian respondents believe that reporting data breaches to the public could bring about a loss of competitive advantage, compared to 70% globally. Similarly, 81% of Australian respondents felt new requirements for the mandatory disclosure of cyber incidents to investors or national cyber authorities would discourage them from sharing information with law enforcement, compared to a global figure of 64%.

89% of Australian respondents agreed mandatory disclosures of cyber incidents requiring comparable and consistent formats were necessary to gain stakeholder trust and confidence (79% globally). In addition, organisations want governments to help set standards, with 90% of respondents stating they expected the government to develop cyber techniques for the private sector, based on the knowledge base built from mandatory disclosures of cyber incidents (75% globally).

Resilience approach and capability

Australian organisations have been slower to promote integrated and agile operating models that can respond to a diverse set of disruptive events (30% Australia; 47% globally) and are more likely to use individual, pre-defined plans and processes designed for responding to specific disruptions (70% Australia; 53% globally). 


Question: For each of the following paired statements, which statement better describes your organisation’s current cyber resilience approach and capability? Base: Global=3522, Australia=105 Source: PwC’s Global Digital Trust Insights Survey 2023, Final Results, September 2022.

Australian organisations are more reactive in their approach to cyber disruption with 63% (47% globally) invoking plans post-incident and focused on recovery and remediation. Just 37% (53% globally) reported taking an anticipatory and preventative approach by assuming incidents will occur and embedding mitigations accordingly.


Question: For each of the following paired statements, which statement better describes your organisation’s current cyber resilience approach and capability? Base: Global=3522, Australia=105 Source: PwC’s Global Digital Trust Insights Survey 2023, Final Results, September 2022.

A standard like ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements can help in this regard. This standard provides a framework for organisations in the event they cannot operate under business-as-usual conditions, specifying requirements for identifying, assessing, responding to, and recovering from disruptive events. While this standard does not specifically address information security itself (there is ISO 27001 for this), it can help businesses continue to operate after an incident and quickly return to business as usual. The Training Academy offers a course in ISO 22301 to help you understand the Business Continuity standard.

Driving uplift

Australia is generally aligned with the rest of the world in the factors that can help drive organisational cyber transformation over the next 12 to 18 months:

  • Leadership that drives cyber security through the organisation 
  • Ensuring all non-cybersecurity employees understand the potential cyber implications of their actions
  • Strengthening data analytics capabilities on cyber and privacy activities
  • Educating the board on cyber risk
  • Solving the talent gaps in the cybersecurity workforce*

*Globally, the consolidation of enterprise technology solutions for a simpler tech stack/infrastructure was more important than solving talent gaps in the cybersecurity workforce.

The difference in the top five priorities for organisational resilience plans in Australia compared to the rest of the world reflects both our current economic climate and problems in society. The variance from the global results also shows that Australia’s business leaders are highly attuned to the vulnerabilities specific to this country. 

The top five scenarios Australian business leaders are incorporating into their organisational resilience plans are:

  • Global recession
  • Supply chain bottlenecks
  • Catastrophic cyber attack
  • Commodity market volatility
  • Significant workforce churn

The top five scenarios business leaders are incorporating into their organisational resilience plans are:

  • Catastrophic cyber attack
  • Global recession
  • COVID-19 resurgence or other health crisis
  • Inflationary environment
  • Supply chain bottlenecks

A word on data breaches

The importance of data protection is becoming increasingly clear for all organisations. High-profile data breaches have been, and will continue to be, in the headlines as the tactics cyber criminals employ continue to become more sophisticated. Organisations of all sizes across all industries should be prepared. Regardless of how data breaches occur, the consequences can be significant. While data security has traditionally been considered an “IT issue”, it should be considered a significant business issue with a risk that needs to be managed. A data breach event can affect all facets of a business. These impacts can include:

  • Negative media coverage, loss of shareholder confidence, and consumer reluctance to share data or repeat their business.
  • Customer exposure to fraud and/or financial harm, fear and burden of protecting themselves from the impact of breached data.
  • Supply chain impacts from breaches of contracts or obligations, non-delivery of service level agreements and associated penalties.
  • Business disruption as executives and key staff are redirected from their primary roles to conduct investigations and deliver containment and response initiatives.
  • Litigation and class action lawsuits.
  • Regulatory exposure to Conduct Investigations, Determinations, Enforceable Undertakings and Injunctions.

How ISO 27001 can help manage information security risks

Having an information security management system such as the one outlined in ISO 27001 can help keep your organisation’s data safe from potentially crippling cyber attacks. 

ISO 27001 provides a framework to ensure that your business has a robust set of security standards and information security controls so that you’re able to meet supplier, customer, and regulatory expectations for data protection, and inspire confidence from key stakeholders.

A new version of the standard was released in October 2022 and our Training Academy can help you learn how to implement and audit a system that meets the requirements of the new standard with our Information Security Management Systems Lead Auditor course. Help your organisation demonstrate its commitment to information security by enrolling in one of our courses today.

Certification to ISO 27001 has grown by over 30% in the last 12 months both in Australia and globally (2022 ISO Survey Results). Organisations increasingly want to build trust and confidence with their stakeholders to gain a competitive edge. Third-party certification to an internationally recognised standard such as ISO 27001 can help organisations find that edge.

Visit the 2023 Global Digital Trust Insights Survey to further explore the findings from this year. While you’re there, be sure to check out the cybersecurity and digital trust benchmarking tool to gain real-time insight into how your organisation is performing.

About the survey

The 2023 Global Digital Trust Insights is a survey of 3,522 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers) conducted in July and August 2022. Female executives make up 31% of the sample. 

Fifty-two percent of respondents are executives in large companies ($1 billion and above in revenues); 16% are in companies with $10 billion or more in revenues. Respondents operate in a range of industries: Industrial manufacturing (24%), Tech, media, telecom (21%), Financial services (20%), Retail and consumer markets (18%), Energy, utilities, and resources (9%), Health (5%), and Government and public services (3%). Respondents are based in various regions: Western Europe (31%), North America (28%), Asia Pacific (18%), Latin America (12%), Eastern Europe (5%), Africa (4%), and Middle East (3%). 

The Global Digital Trust Insights Survey was formerly known as the Global State of Information Security Survey (GSISS).

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.

Australian respondents: The total number of respondents from Australia was 105 executives. Of the Australian respondents, 65% were business executives, while 35% were technology and security executives. Female executives made up 30% of the sample. Sixty-nine percent of Australian respondents are executives in large companies ($US1 billion and greater in revenues); 31% are in companies with less than $US1 billion.

Respondents operate under various ownership structures: 88% of Australian respondents are from privately owned companies. Of those, 10% of respondents are from family-run companies, 38% of respondents are from companies backed by private equity, 26% of respondents are from partnerships and 14% of respondents are from owner-managed companies. The remaining 12% consists of publicly listed companies (11% of respondents) and Government & public service (1% of respondents).

 
