At Sekurokon 2024, we showcased a plenary session in the form of a trivia game show, testing business leaders on their cyber security general knowledge. Featuring Rich Data Co. CEO and Board Director Ada Guan, Board Advisor and Author, CIO, SISO, NED David Gee, and Governance Institute of Australia CEO Megan Motto, and moderated by Sekuro Chief Growth Officer Shamane Tan, Game On: The Business Trivia Arena picks the brains of these leaders in topics ranging from governance, to innovation.
Read on and enjoy the show!
True or False:
‘A global survey of 1,000 CEOs from large organisations found that 33% of these leaders are really concerned about their ability to effectively mitigate the damage caused by cyber attacks’
False
Commenting on this point, David shared about the challenge of CISOs/CIOs being faced with several choices and stakeholders, then having to make the decision about what to prioritise, and finally convincing the board to buy in on that decision.
Megan revealed that a recent survey found that two thirds of organisations surveyed felt that there was not enough attention being placed on cyber in the boardroom. She also stressed on the importance of data governance and capacity building, especially in data literacy, to get business owners up to speed on what they need to know in the digital era.
True or False:
‘The global big data analytics market, valued at $240 billion in 2021, is expected to reach $349.56 billion by 2024, and projected to grow even further, reaching $655.53 billion by 2029′
True
Ada cited research by Judo Bank finding a $94 billion funding gap between what the banks are providing and what SMEs need. This gap, she adds, can be explained by data. The current risk assessment system for lending to SMEs was invented in the 1950s. With the advent of AI, banks can have sufficient information through behaviour data to understand SME risk, a game changer on credit access.
True or False:
‘According to a survey by the National Association of Corporate Directors, having oversight for cyber security is ranked second as a “very important” improvement area for their board over the next 12 months’
False
Shamane revealed that out of more than 500 directors interviewed, the top three responses were strategy execution, strategy development and risk management. Cyber security comes in fourth.
Asked about what focal areas he would bring to a board, David replied that there would be no universal answer. On one hand, boards need to understand their risk appetite. On the other hand, David advised CISOs to ask themselves how they could support the board from an investment standpoint. As there would never be enough money to cover all the bases, being cognizant on what controls are most important would be helpful when presenting to the board.
Ada added that board directors are currently trying to catch up on information security and digital awareness, and with AI becoming a core competency, directors would need to be equipped with skills and experience in order to ask good questions.
Megan reiterated the importance of capacity building, and how people usually underestimate how much work is needed for upskilling in cyber security and AI. Another challenge in capacity building is for cyber security professionals to be able to communicate with directors who are not digital natives and yet are reluctant to admit what they don’t know.
Megan also shared about how boards prioritise by considering regulatory and compliance risk, reputational and other non-financial risks, and resource prioritisation. She went on to recommend focussing the board’s attention, for example on just three things: risk appetite, changing nature of risks, and the critical risk areas.
True or False:
‘Three out of five (~60%) Australians believe AI will help to develop new lines of business in the next three years’
False
Shamane reveals that it’s actually a higher number. Four in five Australians believe AI would help develop new lines of business.
Ada predicts that AI and generative AI will become very overused terms in the business world. This is compounded by the fact that many people, including investors, only think of generative AI as definitive of AI, when in fact there are other components such as machine learning.
True or False:
‘Nearly 90% of organisations experienced a breach in the last year that they can partially attribute to a lack of cyber skills and 70% attribute increased cyber skills to the skills gap’
True
David gave a warning about how as businesses adopt AI into their processes, new ethical issues would arise about what is acceptable or not, while Ada advised about continued learning and capacity building being the way to go.
Finally, Megan summed up that adopting AI into businesses needs to be culture driven, come from the top, and have systems in place to incentivise it.
Watch the full discussion below and stay tuned for more excerpts from Sekurokon 2024.