Palo Alto Networks research finds Australians blame execs more than tech workers when their organisation is attacked.

More than nine in ten Australians (92%) want someone to be held liable when an Australian company is breached in a cyber attack, and one in two Australians want that person to be a board director or a C-suite executive, according to the latest research from Palo Alto Networks. 

Conducted by Savanta, the research found that 50% of Australians thought board directors or C-suite executives should be liable for their companies suffering a cyber attack, compared to only 44% believing that frontline tech workers should be held responsible. 

Seven in ten Australians believe not enough corporate leaders in Australia are held personally accountable after data breaches occur at their organisations, while 67% believe leaders should face fines and jail time where they have not taken reasonable steps to protect personally identifiable information.

“Cyber security is really an organisation-wide effort,” said Sean Duca, VP and Regional Chief Security Officer Asia Pacific & Japan at Palo Alto Networks.

“IT and security teams may be on the tools, but there is a ceiling as to how strong an organisation’s cyber defences can be and that is set by leadership.”

“It’s one thing to invest in the right tools, but to truly protect an organisation you must have the right processes in place across the board. Education is also key, but this goes beyond a one-off seminar – in addition to regular training, employees need to see cyber security prioritised across the business in order to maintain proper security hygiene,” said Duca

Australians are split when it comes to data breaches where the cyber criminal is demanding a ransom, with a slight majority (53%) believing that businesses should not always meet hackers’ ransom demands. 

The majority of Australians trust businesses in the banking and healthcare sectors with regard to cyber security, but are split (50%) on whether to also trust the government to protect their data.

These are the only three sectors that 50% or more of Australians trust, and only 36% of Australians trust that private sector businesses overall are doing everything they can to protect customer data. 

The least trusted sectors in Australia are advertising (27%), technology and social media (33%), and retail (34%). Poor cyber practices are especially risky for retailers, as 68% of Australians would not return to an online retailer if the retailer lost their data in a cyber breach.

“Australian banks are some of the most digitally advanced in the world, and invest heavily in cyber security, so it’s not surprising that Australians trust them more than any other type of business,” added Mr Duca.

“What was surprising is that the majority of Australians trust health care organisations, considering the sensitivity of the data they hold and the sector’s historical underinvestment in cyber security.

“Perhaps the fact that these are two of the most heavily regulated industries gives Australians some level of comfort that they’d provide adequate cover,” he said

Overall, 69% of Australians say the security reputation of a business is very important when asked to disclose personal information, and 77% expect most Australian organisations to increase cybersecurity spending in the next 12 months.