Efforts to engage executives were also struggling in Australia because of an historical lack of sharing about best methods around security, Day added: "It has been difficult to get examples that had meaningful costs and consequences," he explained, noting the appeal of looming mandatory breach-notification laws but noting that many businesses are heading off potential issues by being more proactive about sharing details of cybersecurity compromises.
"You never have enough resources to deal with everything at once," Day said. "But if businesses can adopt that proactive approach, I think there will be less pressure to institute something like mandatory breach laws." "Ultimately, the success statement around security needs to be driven from the executive; you just have to roll your sleeves up and start small."
Source: CSO Australia
Sign up for CIO Asia eNewsletters.