Overseeing cyber risk is only one side of a directors’ responsibility in digital. Boards must also drive the adoption of technology to improve services for customers, innovate, disrupt and spur growth.
Every six months, members tell us what keeps them awake at night through the Director Sentiment Index. We added cybercrime to the list of options in 2016. Over the past five years, it has steadily risen from seventh position in the list of director anxieties to rank second, behind only long-term growth. Preliminary results from an August survey of the AICD’s Leaders’ Pulse panel show a substantial majority are “extremely” or “somewhat” concerned about the risk of cybersecurity breaches.
These concerns are understandable. Research firm Frost & Sullivan has estimated the cost of cybersecurity incidents at up to $29b a year to the Australian economy. In the latest Australian Cyber Security Centre (ACSC) Cyber Threat Report, the agency said it responded to 2266 cyber threats in 2019–20. And we know that a significant proportion of these threats emanate from state-sponsored actors, with resources that outstrip even our largest and most sophisticated companies.
In a policy response, the Department of Home Affairs released in July a consultation paper seeking views on potential cyber regulatory reforms including a proposed new governance standard for large businesses. The preferred approach is a principles-based, voluntary standard co-designed with industry. The scope of the consultation also extends to directors’ duties and whether they need to specifically cover cybersecurity. The AICD has cautioned against this on the basis that existing general directors’ duties adequately cover care and diligence obligations.
Helping our members to develop their cybersecurity knowledge to fulfil their obligations is a focus for the AICD. We have launched a new AICD course — “The board’s role in cyber” — and continue to examine cybersecurity issues through our director tools, in this magazine and recently through the Directors on Digital podcast. We soon will undertake research on the governance of cyber risk to give greater clarity around existing practices and where improvement is required.
Overseeing cyber risk is only one side of a directors’ responsibility in digital. Boards must also drive the adoption of technology to improve services for customers, innovate, disrupt and spur growth. Some sectors, particularly in services, are thriving with examples including Atlassian, Canva and, most recently, AfterPay.
But overall, Australia continues to lag. Accenture’s Digital Performance Index ranks us second-last of 37 OECD countries for investment, uptake and output in digital technologies. According to Accenture, we trail other developed countries in cloud computing, automation, machine learning, big data, Internet of Things, 3D printing, blockchain and drones.
Even in an area where we have an abundance of talent, quantum technology, we are falling behind, according to a report by the Australian Strategic Policy Institute. In 2015, we ranked sixth in investment among the nine largest economies in quantum technology. Today, we’re ninth.
Collaboration is essential
These are critical technologies to grasp and shape for us to determine the future of our economy.
While directors must drive digital and innovation strategies at the firm level beyond the pandemic, for our national prosperity we need a co-operative effort, economy-wide, between government, the private sector and drivers of research like our universities.
There are encouraging signs. The NSW government released an R&D action plan earlier this year based on the recommendations of an advisory council, chaired by David Gonski AC FAICDLife. Aligned with that plan, the NSW government recently sought founding members of a new technology facility at Sydney’s Tech Central precinct, focused on quantum technology, high-performance computing, medtech and artificial intelligence.
State government action is welcome, but we need “joined-up” bipartisan policy at every level of government , including education, immigration, and competition law — and aligned priorities to drive innovation and incentivise investment.
This is the challenge facing many economies.
The recently announced Innovation Policy in the UK has good intent, but is seen as a list of uncoordinated plans from different parts of government. China’s policy changes in the regulation of technology companies has destroyed $1 trillion in market value in recent months and sounded alarms with investors, who now are alive to the risk that commercial objectives are subservient to political goals.
Understandably, we are focused on the national cybersecurity threat facing our firms and it is clearly a matter of national security. It is imperative for our economic future that the prism refracting our digital agenda also discerns the opportunities, so that in the national interest, we align to tackle them.
Already a member?
Login to view this content