Australia more concerned about cybersecurity than rest of the world: PwC

Australian business leaders are more concerned about cybersecurity risks than their global counterparts, despite local interest rate hikes, inflation, supply chain disruptions, extreme weather events and the ongoing Covid-19 pandemic, according to new PwC research.

PwC’s Global Risk Survey reveals that cyber and information management is considered the top risk to Australian business (32 percent compared to 20 percent globally), followed by business operating model, geopolitical risks, recruiting and retaining talent and managing the current workforce.

According to Rick Crethar, PwC Australia cyber leader and risk advisory partner, “Australia’s business leaders are significantly more concerned about cybersecurity risks compared with globally and rated it more highly than Covid impacts, economic volatility, or climate change.

"We’re more aware locally of our exposure to cyber threats. The government has also stepped up its focus on our national cybersecurity strategy and broader risk management obligations on our critical infrastructure.”

While geopolitical tensions have escalated with the Russia and Ukraine war since the survey was conducted in March-April of this year, Crethar believes that business leaders will need to leverage the lessons learnt during Covid to respond appropriately in the uncertain geopolitical climate.

“In an increasingly interconnected world, rising geo-uncertainty will further challenge existing business operating models and resilience strategies. Coupling these tools with the experience of managing crises during the pandemic should enable Australia’s business leaders to manage new and emerging risks more effectively than a few years ago,” he said.

The report highlights five actions that organisations can take to better manage risk:

1. Engage early and provide risk insights at the point of decision
2. Take a panoramic view of risk - a top down view of risks and interdependencies
3. Set and employ risk appetite to take advantage of the upside of risk
4. Enable risk-based decision-making through systems and processes
5. Double down efforts on top risks.

Embedding risk management into strategic planning and business decision making is a key way that board members and business leaders can detect risks early and capitalise on the opportunities, the report said.

The authors also encourage businesses to attach key performance indicators (KPIs) to risk management.

“Many of Australia’s organisations are grappling with the challenge in establishing a dynamic link between their risk appetite with their day-to-day decisions and actions. Start with the biggest decisions and most mature processes for your material risks. This requires recognition that strategic risks are desirable and are required to generate returns,” said Crethar.

“Designing a more dynamic risk management capability where upside can be realised while keeping risk to acceptable levels or managing them when they occur, is key. This should be reinforced by a culture which encourages a risk/ reward mindset. Embedding risk appetite enables organisations to make risk-informed decisions to take advantage of the upside of risk and effectively manage downside impacts.”