Boards are struggling with understanding cybersecurity says Eaglecrest CEO David Pretorius
Pretorius explain that a lack of cyber awareness is the biggest trend he is seeing at the moment.
Boards and executives are still struggling with understanding cybersecurity which is the biggest challenge for partners, according to David Pretorious, CEO at Eaglecrest.
Speaking to CRN Australia, Pretorius noted that once partners understand cybersecuritythey can educate boards and executives who can then translate that down to their staff.
“That seems to be the biggest trend that everybody struggles with,” he said.
“Or getting the IT person to sort that out. It's not just the IT [department] it's actually risk. We're seeing that trend everywhere. It's not just here, it is in America, in Australia and in Tasmania.”
Pretorius explained his concern is around the not-for-profit boards and executives, because they are more vulnerable.
“If they get hit, or they get ransomware, they look after the disability sector, or they're looking after all these not-for-profits, and if they get taken out, so it's a big chunk of something and people can get hurt,” he said.
“We're really concentrating on educating boards, educating their executives so they can be as secure as they can be, and aware as they can be, and risk averse is probably the main thing.”
One of the reasons Pretorius believes boards have a lack of understanding around cyber is because it is a technical term.
“Board members tend to be an older generation that are a little bit scared of tech,” he said.
“Our industry makes it all about the tech, and they come up with another acronym that is confusing.”
"They're meant to be in charge and make decisions, but they don't understand. So they bluff their way through it, they ignore it, or the CEO goes, I need more money for IT and the board goes, ‘why it's a cost centre?’, as opposed to its risk mitigation.”
Pretorius noted if boards educate themselves around cybersecurity, they will understand why they need IT.
“Then they can go, ‘we'll find more money to mitigate risk’. It's got to be a totally different discussion board level.”
Education and risks
In terms of educating boards, Pretorius explained that he frames cybersecurity as a fiduciary responsibility.
“Risk management is everything, we make sure everything we put around tech is about risk,” he said.
“It can't be about bits and bobs and speeds and feeds.”
When making cybersecurity-based decisions, Pretorius makes sure that the board knows it’s ultimately their decision, their risk.
"The CEO doesn't own it, but the board owns it. Please make a decision, and we'll back you, but you've got to make a decision,” he said.
He noted that this way of working, is getting results and his customers are pleased.
"We've seen that because it seems to work the best, and they just also go, ‘we're getting better, the dials are slowly moving towards green, and we're happy with that’,” he said.
“They can show progress. They can show the cyber insurance company, or whoever it may be, or the government, if they're getting funding, they are being diligent.”
Eaglecrest is a team of 20 with offices in Launceston and Hobart, they also have plans to branch out to Victoria this year.
Pretorius said the company is a compliance-first MSP.
“We don't have a lot of deep verticals in Tasmania, there's just not enough customers for half a million people, so it's a little bit of everything. But we do specialise in where there's boards that need compliance,” he said.