As cyberattacks against Australian businesses continue to rise in scale and severity, many organisations are delivering complex programs of work to uplift their defensive capabilities. Considering a large number of these cyber initiatives fail, it raises serious questions about what must be done to increase their chances of success. That’s why we’ve developed six key tips to help businesses better consider the way they deliver their cyber programs.
A compliance-led program is a useful starting point, although it can be difficult to sustain. Organisations must plan to pivot to a risk-based approach, which helps organisation remain agile and adapt to new challenges as they arise.
There is a perception money can be thrown at cyber to quickly meet compliance goals, but this couldn’t be further from the truth. Organisations must make measured investments at a steady pace to ensure sustainable operations and prevent change fatigue.
It’s inevitable issues will be identified when rolling out cyber programs, causing delays and hampering success. It’s critical to bake agility into cyber programs so businesses can deal with surprises
Cyber skills are in high demand and short supply. Organisations must build succession plans for when people leave and level up their reskilling activities to ensure sustainable resourcing.
Cyber programs must be commensurate with the size and complexity of the business, able to operate with appropriate resourcing once developed. Build accountability into the program and give every initiative an ‘owner’ to keep things moving.
C-suite and board executives are increasingly concerned with cyber risks, so it’s imperative they’re actively engaged in the process, advocating for meaningful change.