Kapil Kukreja

As Cyber Security Awareness Month focuses on the growing threat of cybercrime, HLB Mann Judd Melbourne partner, Kapil Kukreja, is urging Australian businesses to take a proactive approach to managing cyber risks and protecting their data.

Although the impact of cybercrime in the news is often focused on large high-profile companies – such as Qantas in recent times and Optus and Medibank before that – the fact is that businesses of any size can be impacted, he said.

“Cybercrime continues to rise in both frequency and sophistication, and no business is immune,” said Mr Kukreja.

“For many businesses, the question is no longer if they will face a cyber incident, but when.”

He said that while technology plays a critical role in defence, the biggest vulnerabilities often come down to people and processes.

“Human error remains one of the most common causes of data breaches, whether from clicking on phishing links, to mishandling sensitive information. Building a culture of awareness and accountability across all levels of an organisation is just as important as investing in security systems,” Mr Kukreja said.

According to the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report, the ACSC received over 84,700 cybercrime reports through its ReportCyber portal, although it noted that many more go unreported.

The average self-reported cost of cybercrime per report was ~$33,000 per individual (up 8 per cent on last year), and ~$80,850 for businesses (up 50 per cent on last year) – with large businesses reporting a cost of ~$202,700, up 219 per cent on the last year.

This is echoed by the HLB International Cybersecurity Report 2024, which flagged that 39 per cent of businesses reported a rise in the number of attacks, with a further 29 per cent experiencing more severe consequences from cyberattacks in the past year.

Further, many businesses still underinvest in security measures with only 29 per cent implementing AI-related security and governance controls.

Mr Kukreja noted that the cost of a breach goes far beyond immediate remediation, noting the recent Qantas case.

“There’s business disruption, regulatory scrutiny, customer-trust erosion, legal exposure, not to mention potentially lasting reputational damage. In the Qantas case, the scale and depth of the breach will likely have long-lasting effects.”

Mr Kukreja recommends that businesses take several key steps to strengthen their cyber resilience:

• Ensure the business has a defensible architecture. For example, zero trust principles (never trust always verify), strong authentication such as multi-factor authentication (MFA), and least-privilege access, granting users and systems only the minimum permissions necessary for their roles
• Build your supply-chain and supplier risk strategy. Map out your supply chain network to identify critical third parties and evaluate their cyber hygiene. Third parties may be weaker links
• Invest in identity and access controls. Regularly review accounts for inactive users and immediately revoke access for former employees or contractors.
• Train staff not just once, but as part of an ongoing training program given increasing sophistication. Focus on emerging threats, like GenAI-driven phishing, deep fake emails, and sophisticated impersonation attempts.
• Review and modernise your technology stack. Identify legacy systems that may have known vulnerabilities and update or replace with modern and supported platforms.
• Monitor regulatory or national-security developments. Stay informed of changes to cybersecurity regulations, incident reporting laws, privacy obligations, and government-issues advisories.

“Cybersecurity is no longer an IT issue, it’s a business responsibility, and a shared responsibility. Businesses must protect their people, systems, and customers. That means modernising technology, strengthening access controls, continual staff training, and keeping a close eye on emerging threats.

“The reality is clear – cyber risks are growing and businesses that prepare today are the businesses that will thrive tomorrow,” said Mr Kukreja.

The post Australian businesses urged to strengthen defences during Cyber Security Awareness Month appeared first on AdviserVoice.

Kapil Kukreja

Australian businesses are facing a perfect storm of cybersecurity threats, as the rapid adoption of artificial intelligence (AI), ongoing credential-based attacks, and inconsistent governance combine to expose critical vulnerabilities in businesses, according to Kapil Kukreja, partner, HLB Mann Judd Melbourne.

Last year Australians reported a total of $2.3 billion in losses due to scams. Mr Kukreja says businesses can no longer afford to treat cyber risk as a back-office function.

“Cybersecurity is now a strategic issue. Between the rise of AI, increasing attack frequency, and gaps in governance, businesses are exposed on multiple fronts, with many still overlooking basic protections.”

HLB International’s Cybersecurity Report released in 2024 found that 39 per cent of businesses reported a rise in the number of attacks, with a further 29 per cent experiencing more severe consequences from cyberattacks in the past year.

Despite this, many businesses still underinvest in security measures with only 29 per cent implementing AI-related security and governance controls, and just a quarter (24 per cent) running ongoing cyber awareness training.

“Many organisations are still approaching cybersecurity as a one-off investment rather than a continuous, evolving discipline. The growing sophistication of cyber threats demands not only smarter technologies, but a proactive mindset, embedding security into every layer of the business,” says Mr Kukreja.

He said the recent cyberattack on multiple Australian organisations highlights the urgency of strengthening basic cyber hygiene across all sectors and sizes of business.

“One of them wasn’t a sophisticated hack, it relied on previously leaked passwords and weak access controls. It’s a warning that the fundamentals still aren’t being done well enough,” he said.

According to the HLB survey, 64 per cent of businesses now consider cybersecurity a major strategic priority, but there remains a clear gap between intent and action.

“The threat landscape is evolving rapidly, and businesses must evolve with it – including governance, operations, technology, and culture. Boards, executives, IT leaders and staff all have a role to play. Cybersecurity is no longer optional. It’s foundational to business continuity, reputation, and trust. The organisations that act now will be far better positioned for the future.”

Mr Kukreja outlined key recommendations for businesses looking to strengthen their systems:

• Audit AI usage and ensure any adoption is supported by governance frameworks. As businesses increasingly integrate AI tools into operations, it’s essential to understand how and where AI is being used. Regular audits can uncover risks, ensure compliance with data and privacy laws, and confirm that AI usage aligns with ethical and security standards. Robust governance frameworks should guide AI deployment to avoid unintended consequences and vulnerabilities.
• Increase training frequency – not just annually or post-incident, but ongoing. Cybersecurity awareness training should be part of the business, not a checkbox exercise. Continuous education through monthly updates, phishing simulations, or microlearning modules, helps staff stay alert to evolving threats and reduces the likelihood of human error, which remains a top vector for breaches.
• Understand third-party risks especially vendors with access to business systems. Suppliers, contractors, and software providers can inadvertently introduce vulnerabilities. Conduct regular assessments of third-party security practices, ensure contracts include cybersecurity obligations, and limit access based on the principle of least privilege to reduce exposure to external threats.
• Keep systems patched and updated to prevent known vulnerabilities being exploited.Many cyberattacks exploit known flaws for which fixes already exist. Timely patching of software, operating systems, and firmware is one of the most effective ways to shut the door on attackers and maintain strong baseline security.
• Test incident response plans regularly to minimise disruption and recovery time. Having a plan isn’t enough, it must be tested under realistic conditions. Regular tabletop exercises and simulations help ensure everyone knows their role, uncover gaps in the plan, and improve the speed and effectiveness of responses when a real incident occurs.

The post AI, cyber threats, and operational risk: businesses must update mindset on managing cyber risk appeared first on AdviserVoice.

Kapil Kukreja

New research from HLB International, the Survey of Business Leaders 2025, has highlighted the growing role of artificial intelligence (AI) in driving business innovation and profitability as companies adapt to huge technological advances.

According to Kapil Kukreja, partner in risk, assurance and consulting with HLB Mann Judd Melbourne, business leaders increasingly see artificial intelligence (AI) as an essential tool, not just for improving business efficiency and profitability but also for improving the capacity and training of their workforces.

“The survey found that 69 per cent of business leaders around the world rate AI as the most important technology over the next five years, an uptick on last year when 65 per cent singled out AI.  Globally, 71 per cent of leaders say they are focusing on using AI for predictive analytics to track future trends, while 55 per cent, are using AI to improve business agility,” Mr Kukreja said.

The survey reveals that business leaders have fine-tuned their approach to AI and are modernising their operating models to enable new ways of working as well as new customer-facing offerings and technology-driven innovation.

“Business leaders have recognised the need to adapt, with quick action often needed. Technological advances, such as the doubling of computer processing power every four years, are accelerating innovation cycles. Many leaders have refined their approach, transitioning from broad experimentation with technology to targeted strategies aimed at enhancing the performance of their workforces, analytics, and, ultimately, profitability.

“Notably, 44 per cent of highly profitable companies are ahead on the AI maturity curve. Profitability is essential for the growth and sustainability of any enterprise, particularly given the current market conditions that are demanding greater agility. AI is increasingly used as part of business strategy,” Mr Kukreja said.

Cultural transformation is also important for progress, business leaders said. The survey found that profitable businesses are intentional about fostering a culture of innovation, which includes breaking silos, encouraging collaboration and leveraging AI and data analytics to understand market trends and customer behaviour.

“These actions create fertile ground for sustained profit and growth. In this year’s research, a shift in focus is evident: profitability takes centre stage over high growth rates,” Mr Kukreja said.

“In terms of using AI in the workforce, these include AI-driven training programs, streamlined recruitment processes, and predictive workforce analytics that support better decision-making across teams.”

This year’s survey also reveals that high-performing organisations, identified as ‘profit accelerators’, are overcoming challenging market conditions by focusing on three key levers of profitability—operational efficiency, innovation, and talent management.

“When looking at operational efficiency, 65 per cent of profit accelerators are considering large-scale operational transformations, such as modernising/adopting new technology systems (61 per cent) and streamlining processes (46 per cent).

“Furthermore, investment in people is also important, with 55 per cent of profit accelerators focussing on learning and development to improve the effectiveness of their workforce. Nearly half of profit accelerators report having a high performing and engaged workforce,” said Mr Kukreja.

The 2025 HLB Survey of Business Leaders gathered insights from over 1,200 leaders across 50-plus countries and was supported by expert interviews. The findings reveal that the most profitable companies, or those with profit growth of 5 per cent to 10 per cent or more, stand out for their agility and technology focus.

“Among these, 37 per cent consider their operating model optimal, compared to less than 15 per cent of their peers, underscoring the value of adaptability. Over the past decade, agile organisations with empowered teams have consistently outperformed their peers, demonstrating a unique ability to pivot quickly and capitalise on emerging opportunities,” Mr Kukreja said.

The post Businesses increasingly adopting AI to improve operations appeared first on AdviserVoice.

Kapil Kukreja

Businesses using AI without proper controls in place, coupled with a rising number of cyberattacks, means Australian organisations are facing a confluence of cybersecurity challenges, according to the HLB 2024 Cybersecurity Report.

The fifth edition of HLB’s Cybersecurity Report provides a snapshot of the current cyberthreat landscape and highlights actions leaders have taken since 2020 to become more cyber-resilient. HLB International surveyed over 600 senior IT professionals globally in September 2024 via an online questionnaire about the main cybersecurity threats of today, their progress in implementing cyber strategies and the dual role of AI.

A significant number of businesses surveyed (92 per cent) have observed ongoing cyberattacks, and many report an increase over the past year, says Kapil Kukreja, risk assurance partner at HLB Mann Judd Melbourne.

“Yet despite these threats, some organisations are still overlooking basic security measures, leaving themselves very vulnerable to breaches which can compromise their business operations.”

He highlighted the increasing use of AI without adequate defence systems as a major concern.

“Over one-quarter (28 per cent) of organisations are either using or planning to use AI but don’t have adequate security controls.  This is a critical gap in cybersecurity governance,” said Mr Kukreja.

“The consequences of neglecting AI governance can be severe. One key concern is the potential for AI to be weaponised – a risk that is heightened by its scalability and autonomous operations, which poses a significant threat to data security.

“This not only exposes businesses to potential vulnerabilities but also highlights the urgent need for comprehensive AI governance frameworks. Companies must prioritise putting in place robust security measures alongside their AI initiatives, to safeguard against emerging cybersecurity threats,” he said.

The increasing incidence and sophistication of cyber threats is evident in the latest HLB report, with 39 per cent of companies reporting a rise in attacks and 86 per cent of surveyed professionals expressing heightened concerns over cybersecurity threats.

The survey also revealed that 29 per cent of respondents have reported more severe consequences from cyber-attacks in the last 12 months, underscoring the urgency for comprehensive AI governance.

“Companies should establish controls and oversight mechanisms to ensure AI technology is used ethically and securely. They should also invest in regular audits and risk assessments, identifying potential vulnerabilities before they can be exploited by cyber criminals. Organisations must also focus on integrating AI with existing cybersecurity measures to detect and prevent AI-driven attacks more effectively,” Mr Kukreja said.

He added that businesses must also develop robust recovery strategies to manage a potential cyberattack.

“The fact that only a third of firms feel very confident in their ability to recover quickly from a cyberattack is concerning. This underscores the importance of not only implementing robust preventative measures but also developing comprehensive incident response and recovery plans. This will allow organisations to respond swiftly and effectively in case of a breach.

“As part of the overall security posture, it is important to understand third-party vendor risks which are often overlooked by organisations such as email exploitation, leading to potentially critical impacts to business operations and reputation. In particular, smaller vendors may lack robust security measures, making them attractive targets for cybercriminals,” said Mr Kukreja.

“In the wake of a series of major outages throughout 2024 nationwide, bolstering cybersecurity defences remains a strategic imperative for businesses as they face an increasing number of sophisticated attacks.”

Other key findings from the report include:

• despite rapid AI advancements, only 29 per cent of companies have implemented additional security and governance controls related to AI
• 64 per cent of businesses consider cybersecurity a major strategic priority
• 24 per cent of organisations now run ongoing cybersecurity awareness training programs, up from 20 per cent in 2023
• 47 per cent of respondents identified email exploitation as a major threat
• 30 per cent of businesses only engage in staff cybersecurity audits annually or post-incident
• 40 per cent of organisations conduct cybersecurity training quarterly or bi-annually
• 80 per cent of companies have incident response plans in place.

The post HLB 2024 Cybersecurity Report reveals rising AI risks appeared first on AdviserVoice.

Kapil Kukreja

Less than one in five leaders in information technology have ongoing cybersecurity awareness programmes in place, while just a quarter invest in annual cyber training, according to the 2023 HLB Cybersecurity Report.

The fourth edition of the report – released during the Federal Government’s Cyber Security Awareness Month – surveyed 750 senior IT professionals globally. It provides a snapshot of the current cyber-threat landscape and highlights the key actions leaders have taken since 2020 to become cyber-resilient.

The report found 50 per cent of business leaders saw an increase in cyber-attacks over the past 12 months, with another 35 per cent indicating the attack levels stayed the same as last year. Cyber-attack frequency and sophistication continue to increase proportionally to organisations’ digitisation efforts, with an estimated 1248 attacks per week worldwide.

62 per cent of leaders expect cybersecurity risks to become even more prominent over the coming five years, with the democratisation of malicious software, the rapid pace of digital transformation, ongoing geopolitical conflicts, and economic uncertainty combining to create the perfect environment for hackers.

HLB Mann Judd Melbourne partner, Kapil Kukreja, said the report findings are a stark reminder that many organisations remain unprepared for the financial and reputational impacts of a cyber breach.

“Australia has unfortunately recorded a number of very high-profile cybersecurity breaches in recent years, including Canva, Optus, Medibank and Latitude Financial Services. These four companies are across four different sectors, and are just the tip of the iceberg in terms of total number of companies subjected to a breach.

“All businesses – irrespective or size, sector or structure – need to be sufficiently prepared and ensure processes are watertight, appropriate budgeting is allocated, and staff and management are routinely trained in best-practice cyber techniques.

“Business owners, company boards and senior executives are ultimately accountable, but everyone has a role to play in safeguarding operations against an attack, which are becoming more prevalent, despite increased awareness,” he said.

An emerging trend observed in the findings is the impact artificial intelligence (AI) will have on operations, with 47 per cent of IT professionals surveyed indicating they are concerned about AI-related attacks and have implemented corresponding defence strategies.

One third of respondents (34 per cent) said they are aware of a variety of AI-enabled security tools in the market, however they are yet to explore the option of deploying them. Further, 89 per cent of leaders are concerned with the current pace of technological innovation, particularly in generative AI, and the potential increase in cyber-related risk, of which 34 per cent are very concerned.

“AI is an exciting development for businesses, including our own, however as with all untested advances, organisations can achieve the best security outcomes by combining technological innovations with ongoing investments in people and processes.

“Cybersecurity automation solutions can help organisations respond faster to data breach events, but exclusively relying on machines to prevent an attack could have disastrous consequences,” said Mr Kukreja.

The post Cyber awareness improves while accountability lags appeared first on AdviserVoice.

Kapil Kukreja

Businesses are increasing their allocation of funds towards cyber security however questions remain over whether funds are being directed to the right areas, according to HLB Mann Judd risk and assurance partner, Kapil Kukreja.

Mr Kukreja said while an estimated 78 per cent of businesses are increasing their investment in cyber protection measures, budgets need to be apportioned to people and processes, not just technology infrastructure.

“Given the exponential rise in hacking attacks in recent months – including some high-profile cases – it is encouraging to see Australian businesses upping the ante on the need to protect their systems.

“However, it’s equally critical to ensure these funds are invested in the right manner and to the right areas to mitigate cyber security risks – and this applies to businesses large and small, and across every sector,” he said.

According to recent research, global cyber-attacks increased by 38 per cent in 2022, with 43 per cent of all cyber-attacks aimed at small businesses. Further, by the end of 2023, the annual global cost of cybercrime is predicted to top $8 trillion, with a business falling victim to a ransomware attack every 14 seconds.

“The prevalence of attacks is irrefutably increasing, and business owners and company boards need to safeguard their operations from such threats by allocating sufficient budgets for technology, training and human resources,” Mr Kukreja said.

As a general rule, he said all businesses should set aside 1-5 per cent of their annual IT budget for cyber security measures, including training of staff.

“This is a guide and it will depend on a range of factors, such as the nature of the business and complexity of its systems, but the key for all businesses is they need a budget available, along with a formal cyber strategy and cyber response plan.

“It’s about befitting approach and it can’t be an after-thought – the consequences are too dire,” he said.

Small businesses account for more than 97 per cent of all Australian businesses. The Australian Cyber Security Centre (ACSC) estimates 43 per cent of all Australian cyber-crime is directed at small businesses, with cyber criminals aware of limitations in investing in cyber security measures.

The ACSC puts the average cost of cyber-crime to small business at $39,000; $88,000 for medium business, and over $62,000 for large business. Currently, cyberthreats and scams targeting small businesses cost the Australian economy an estimated $29 billion a year.

Under the new Cyber Warden Program, the Federal Government will be investing $23.4 million in cyber wardens to build small business cyber resilience, with up to 60,000 wardens available in the next three years. Some of the most at-risk sectors include government, health and social assistance, information and telecommunications, and education and training.

“Hackers don’t discriminate…if a system carries any vulnerability, they will be able to exploit it and use the information obtained to their advantage.

“The reputational and financial consequences for businesses are so great, that directing the right amount of funds into the right areas should now be considered the number one operational priority,” he said.

The post Allocation of cyber budgets key to mitigating breaches appeared first on AdviserVoice.

The appointments are within the network’s taxation, audit, business services and corporate advisory divisions and, according to association chair Tony Fittler, reflect the depth of HLB Mann Judd which allows for promotion from within the association.

“Our new appointments have all been with the HLB network of firms for some time and while attracting quality staff in this market can be a challenge, retaining them is another. These promotions recognise the value of the knowledge and expertise that our people have developed.

“Staff are the backbone of professional service firms, and we do our utmost to acknowledge skills and expertise, as well as commitment.

“The network congratulates each of the eleven appointed to their new roles, and looks forward to the important contribution they will continue to make to their respective firms,” he said.

The new appointments are:

• Kapil Kukreja has been appointed as a partner to the Melbourne firm. He has over 14 years of experience in providing professional advisory services including internal audit, risk management, fraud investigations, Sarbanes-Oxley Section 404 compliance, cyber security, probity, and process mapping and improvement projects. Mr Kukreja holds a Master of Business (Finance and Accounting), a post graduate diploma in Professional Accounting and a Bachelor of Commerce (Honours). He is also a certified internal auditor (CIA), six sigma green belt, and is a member of the Institute of Internal Auditors – Australia.
• Donna Emsies has been promoted to director within the Sydney firm’s tax consulting division, specialising in corporate and international tax. Ms Emsies has over 15 years’ experience in tax advisory, tax compliance and tax disputes, working with multinationals and large Australian corporations as well as private companies, family offices and high wealth individuals. She holds a Bachelor of Economics from the University of New South Wales, and has professional qualifications from the Tax Institute of Australia and Chartered Accountants Australia and New Zealand.
• Hardik Shukla has been appointed to director in the audit and corporate advisory division in the Sydney firm. He has over 14 years’ experience in audit and assurance, and his expertise lies particularly in audit and financial reporting services for large private businesses, not for profits and companies listed on the Australian Securities Exchange. Mr Shukla holds a Bachelor of Commerce (Accounting), a Master of Business Administrations (Professional Accounting) and is a member of Chartered Accountants Australia and New Zealand.
• Victor Babin has been appointed to director of audit and assurance in Sydney. Mr Babin specialises in auditing complex international groups with high volume transactions including using data analytics in the auditing process. He holds a master’s degree in Finance and Audit, is a French chartered accountant and is a member of the French-Australian Chamber of Commerce & Industry (FACCI).
• Helena Yuan has been appointed to director of tax consulting in Sydney. With over 20 years’ experience in the business services and taxation areas, Ms Yuan works with clients from a wide range of industries including retail, professional services, manufacturing, property development and the not-for-profit sector. She holds a Bachelor of Commerce from the University of New South Wales and is a member of Chartered Accountants Australia and New Zealand.
• The Sydney firm has also appointed Warrick Oakes to director for the corporate advisory division, specialising in mergers and acquisitions. Mr Oakes has over a decade of experience providing advisory and assurance services across a diversified range of entities and industries. He holds a Bachelor of Arts (Hons) from Loughborough University in the UK, a Graduate Diploma Chartered Accounting and is a member of Chartered Accountants Australia and New Zealand.
• Heather Leffler has been appointed to director of the audit, assurance, and corporate advisory division in Sydney. Ms Leffler has more than 9 years’ experience specifically relating to audit and assurance services, both locally and in the UK. She holds a Master of Arts in Accounting and Finance and is a member of the institute of chartered accountants of Scotland.
• Marcus Polovineo has been appointed to director, tax consulting in Sydney. He is an experience taxation practitioner and has established extensive tax and commercial knowledge, priding himself in taking a practical, client-based approach to all tasks. Mr Polovineo holds a Bachelor of Business, is an affiliate of the Tax Institute of Australia and is a member of Chartered Accountants Australia and New Zealand.
• Laura Kemueli has been appointed director in the Fijian firm’s audit practice. Ms Kemueli has over 15 years’ professional experience in audit and assurance and business advisory services, having commenced her career in audit for US state and local governments. She holds a Bachelor of Business Administration from the University of Hawaii.
• The Fijian firm has also appointed Atnesh Prasad to director of taxation. Mr Prasad has more than 10 years’ experience in accounting, business advisory and taxation service. He holds a Bachelor of Commerce in Accounting and is a Chartered Accountant with the Fiji Institute of Accountants.
• Sanjay Ram Saxsena has been appointed to director within Fiji’s Business Services division. Mr Saxsena has been with the firm for 16 years, and advises small to large corporate clients on various aspects of accountancy and financial services. He holds a Bachelor of Arts in Accounting and Financial Management and Information Systems, and is also member to Fiji’s Institute of Accountants.

Earlier this year, HLB Mann Judd was named Best Accounting & Consulting Services Firm ($50-$200 million revenue) at the annual Client Choice Awards. It is the eighth time the firm has won the category, and the third consecutive year of winning the award.

The post HLB Mann Judd makes 11 new appointments appeared first on AdviserVoice.

Kapil Kukreja

Awareness of cybersecurity and online risks for businesses have increased markedly since the outbreak of the COVID-19 pandemic, but there is still a need to improve understanding and skills, says Kapil Kukreja, director – risk, assurance and advisory at HLB Mann Judd Melbourne.

“Over the past 12 months, we have seen cyber-risk starting to be talked about at the very top levels of businesses, both board and executive.

“According to the latest HLB Cybersecurity Report, released this month, almost a half (47 per cent) of C-suite executives globally are concerned or very concerned about the risks to their business from cybersecurity issues.

“In part, this heightened awareness has been driven by the increase in people working from home during the pandemic, creating a greater level of risk for organisations. This has triggered a shift in how companies view cyber-security and, perhaps more significantly, the likelihood of it affecting them.

“Whereas previously it was treated as a technology issue and responsibility, now it is recognised as a critical business risk and is being taken very seriously.

“While this is a step in the right direction, there remains a gap in the skillset of board members and directors in being able to appropriately assess the information they are receiving, and benchmark their organisation’s activities to industry standards,” he says.

Mr Kukreja says that while boards and management are now asking the right questions about what the business needs in terms of extra resources or system upgrades, they must also ensure they are equipped to fully understand the responses.

“From a corporate governance perspective, executives can’t simply rely on what they are being told by others in the organisation – they need to be able to properly analyse and assess the information and make decisions on whether the steps being taken to protect the business from cyber-risks are robust enough and meet requirements.

“As cyber-security continues to grow as an organisational threat, this gap in knowledge will become even more of an issue.”

Cyber-crime has been steadily rising in recent years, particularly in Australia.  Statistics from The Australian Cyber Security Centre Annual Cyber Threat Report 2020-21 show that it has increased by 13 percent between 2020 and 2021, with a cyber-crime reported every 8 minutes in Australia in 2021, compared with 10 minutes in 2020.

Mr Kukreja points out that reported crimes are likely to represent only a fraction of actual crimes.

“Cyber-crime covers a gamut of activities, from an email sent by a purported Nigerian prince, to hacking the database of a financial institution to access personal details of millions of customers.

“There are a few steps that businesses can take to help protect themselves from a cyber-attack. It’s vital to have a security framework in place to manage cybersecurity risks, and this framework should be benchmarked against security standards such as those available from the National Institute of Standards and Technology or Essential Eight Maturity Model developed by Australian Signals Directorate, so that any gaps can be identified.

“It is recommended that businesses conduct vulnerability assessment and penetration testing on a regular basis to identify cyber security exposures in their IT environment. It’s also critical to introduce, for instance, multi-factor authentication and adequate password protocols.  In addition, with more people working from home, secure cloud-based technology, virtual private networks (VPNs) and encryption methods are essential.

“However the most important aspect of any cyber-security protection plan is the human side.  Businesses can have the most advanced and technologically sound security infrastructure in place but all it takes is one small mistake by an employee, and it can easily come undone.

“Therefore aspects such as training for all staff on a regular basis, and running frequent tests, is absolutely vital,” Mr Kukreja says.

The post Cybersecurity a corporate governance concern as cyber risks increase appeared first on AdviserVoice.