Caption: Australians want to see leaders held personally liable for data breaches. Photo: Shutterstock

The majority of Australians want someone to be held liable when a company suffers a cyber-attack and personal data is breached, according to new research.

Research commissioned by Palo Alto Networks and conducted by Savanta found that 92 per cent of Australians – nine in 10 people surveyed – want an individual to be held responsible when a company is impacted by a cyber attack.

More than half of those surveyed believe a board director or C-suite executive should be held responsible, while 44 per cent said it should be a frontline technology worker.

Under new laws passed in Australia, the company fine for a repeated or serious data breach has been increased to $50 million.

This only applies to a company, and currently individuals cannot be held responsible for company data breaches.

The new research shows that Australians understand that cyber security is a whole-of-company issue, rather than one the IT team is solely responsible for.

“Cyber security is really an organisation-wide effort,” Palo Alto Networks VP and regional chief security officer, Asia-Pacific and Japan, Sean Duca, said.

“IT and security teams may be on the tools, but there is a ceiling as to how strong an organisation’s cyber defences can be and that is set by leadership.

“It’s one thing to invest in the right tools, but to truly protect an organisation you must have the right processes in place across the board.

“Education is also key, but this goes beyond a one-off seminar – in addition to regular training, employees need to see cyber security prioritised across the business in order to maintain proper security hygiene.”

The research found about 70 per cent of Australians think that not enough corporate leaders are being held accountable for data breaches.

In terms of consequences, 67 per cent of those surveyed said that leaders should be hit with fines and jail time when they haven’t taken reasonable steps to protect personally identifiable information.

Cyber security and data breaches have been in the spotlight this year following a series of significant incidents in Australia. The personal information of 9.8 million Australians was breached after telecommunications giant Optus was hit with a cyberattack.

This was closely followed by the Medibank hack which saw the private health data of 9.7 million customers leaked onto the dark web. This came after Medibank refused to pay the hackers a ransom.

The Palo Alto Networks research also found that just over half of those surveyed said businesses shouldn’t always meet the demands of a hacker.

Respondents said that the businesses they trust the most are in the banking and healthcare sector, while only half of those surveyed said they trust the government with their personal data.

“Australian banks are some of the most digitally advanced in the world, and invest heavily in cyber security, so it’s not surprising that Australians trust them more than any other type of business,” Duca said.

“What was surprising is that the majority of Australians trust healthcare organisations, considering the sensitivity of the data they hold and the sector’s historically underinvestment in cyber security. Perhaps the fact that these are two of the most heavily regulated industries gave Australians some level of comfort that they’d provide adequate cover.”

The least trusted industries were advertising, with only 27 per cent of people saying they trust businesses in the sector, followed by tech and social media, and retailers.

Just over a third of people said that they believe private sector organisations are doing everything they can to protect their data.

The insurance industry regulator has previously said that executive compensation could be slashed due to data breaches, warning that there is ‘intensified” scrutiny around cyber security following several high-profile breaches this year.

This article was originally published in ACS InformationAge