Cyber risk is increasingly on the minds of Australian and New Zealand business leaders due to the pervasive use of technology, in particular mobile technology, the proliferation of data and the dynamic nature of threats. The risks are only growing as our increasingly interconnected world makes it easier for cyber criminals to inflict damage online.

Organizations everywhere and of every size are being targeted and attacked by hackers who constantly adapt and innovate their methods. 90 percent of organisations in Australia claim to have faced some form of attempted or successful cybersecurity compromise during the 2015-16 financial year, a report from the Australian Cyber Security Centre (ACSC) has found.

The ACSC’s inaugural Cyber Security Survey [PDF] found that the 113 surveyed organisations faced numerous malicious cyber threats on a daily basis, with spear phishing emails alone affecting organisations up to “hundreds of times a day”.

The report was compiled to provide an overview of how prepared Australian organisations are to meet the growing cyber threat, the ACSC said, noting that experiencing a cyber incident is not a matter of if, but when and what type. According to PwC’s Global State of Information Security Survey 2016, 38% more security incidents were detected in 2015 than in 2014. Cyber security incidents are also common and recurrent for critical Australian businesses. CERT Australia, one of the partner agencies to the Government’s Australian Cyber Security Centre (ACSC), responded to 11,733 incidents affecting businesses in 2015, 218 of which involved systems of national interest and critical infrastructure.

In this environment it is essential that organizations – including the Executives and their Boards of Directors – understand the nature of the threat, their particular vulnerabilities and the risks cybersecurity threats present to them, and, most importantly, what they can and should do to mitigate exposure within appropriate risk tolerance levels