Geopolitics, cyber security the top concerns for execs, but preparedness is lacking
Most Australian executives believe that geopolitical issues will pose challenges to their operations over the next year, but many aren't taking practical steps to address risks.
A new survey by advisory and restructuring firm McGrathNicol found that 80 per cent of Australian executives believed that geopolitical issues would pose challenges to their operations over the next 12 months.
However, 70 per cent of organisations failed to conduct due diligence on key suppliers, and 71 per cent did not consider their suppliers’ own security as a metric.
The report identified growing awareness of challenges including supply chain issues, cybersecurity and geopolitical threats, but also found persistent gaps in preparedness.
“Robust due diligence, ongoing monitoring and enhanced contractual safeguards are required so that business leaders can better understand their supply chains and who they are doing business with,” Matt Fehon, head of advisory at McGrathNicol, said.
“Executives are expected to understand the connection between cyber, geopolitical, data, and insider risk, and carefully manage the third parties they are dealing with. The courts and regulators increasingly view these risks not as a costly business failure, but as a failure of good corporate governance with disastrous flow-on effects for others along the global supply chain.”
With AI uptake projected to grow across the Australian economy over the next three years, McGrathNicol found that AI posed both challenges and opportunities for firms. While AI could drive operational efficiencies, executives were cognisant of the potential for new security, governance, regulatory, ethical and data privacy challenges.
Two-thirds (67 per cent) of Australian executives ranked cyber risk as a ‘top five’ concern, and 49 per cent expected cyber security challenges to grow in the coming year.
Some organisations had also explored using AI to bolster their cyber defences, including automated incident response and continuous security monitoring, the survey found.
The report warned that organisations would need to balance innovation with strong risk frameworks including ethical AI use guidelines and adequate staff training.
McGrathNicol also warned that critical supply chain vulnerabilities and counterparty risks were still being overlooked. The survey found that 82 per cent of organisations were not conducting risk assessments beyond their first-tier suppliers.
“Supply chain compromises have become a particular area of concern, as cyber criminals realise the benefits of targeting one supplier to simultaneously gain access to multiple organisations,” the report noted.
“This 'one-to-many' attack strategy is highly effective and has prompted organisations to reconsider their approach to third-party supplier security assessments.”
As the geopolitical environment becomes more fraught, foreign interference is becoming a more salient threat, even for smaller firms.
BDO risk advisory partner Luke Eason told Accounting Times that seemingly ‘low-risk’ organisations could serve as stepping stones to higher-risk sectors.
“A small software firm supplying code to a defence contractor can be just as attractive a target as the contractor itself,” he wrote for BDO.
Eason added that accounting firms could hold valuable client information which could be utilised by foreign actors.
“Accounting firms and professional services firms of all sorts hold an awful lot of confidential information about clients,” he said.
“To me, it's not at all a stretch to imagine that an adversary could use a professional services provider as a step into another organisation as part of the overall surveillance information gathering.”