August 16, 2018
Share this post:
What you need to know about security and the Australian Privacy Act
Author: Chris Hockings, Chief Technology Officer IBM Security
How would your company react if it lost $1M off its bottom line?
Heck. What about if you lost $2.51million?
With the growing threat of cyber – the question is when will you face a data breach, not if – losing this amount of money is an unfortunate reality for businesses. According to Ponemon and IBM’s 2017 “Cost of a Data Breach” report*, the average total cost of a data breach to Australian organisations is A$2.51 million.
And this loss doesn’t take into account the reputational damage or fines for breaking legislation.
With cyber now a key issue for businesses to grapple, new regulations around how businesses respond to data breaches came into play in Australia in February 2018. Legislation in the Privacy Act state businesses must assess and respond to suspected breaches within 30 days of discovering them, or risk fines of up to A$1.8m.
Currently it takes businesses 175 days on average to identify a breach, highlighting the improvement in response times required in Australia. To meet customer expectations, this means businesses need to be able to cut response times significantly to meet expectations of customers and the government.
So, with the changes to government regulations and the growing threat landscape, what steps do you need to follow to boost response times and protect your bottom line?
Organisations today have little choice but to increase investment in cyber security over the next five years, with a longer-term strategy paying the biggest dividends.
The most profitable investment that organisations can make to reduce the costs and impact of a data breach include:
- Using encryption extensively,
- Training employees,
- Appointing a CISO (Chief Information Security Officer), and
- Having an incident response team in place.
As cyber threats are a global phenomenon, it is clear you can’t do it alone. Look to credible technology partners that can deliver tried, tested and repeatable global capabilities, to keep up with the constantly changing landscape of threats and provide the latest tools available.
Develop cyber skills and education
The talent shortage in cyber is well documented, which means it’s essential we pro-actively address it today. Employees and contractors need to understand the value of data, and how to avoid putting it at risk. Training staff on best practices like encrypting sensitive data, or implementing technology controls around sensitive data, can help reduce incidents. This can be done by:
Identify your weaknesses
Just like during a financial audit where the books are thrown open, the expectation will be that an organisation be also accountable for their own cyber maturity. This requires a capability to collect and analyse data across endpoints, applications, network, cloud providers, from employees and customer behaviours. Tools can also help to better understand what is happening within the global threat landscape. IBM uses the Watson platform to bring global threat insight so that organisations can understand what’s happening within their environments.
Plan for attack
With data breaches, speed matters.
Pro-actively build a threat aware, risk-based approach to your cyber security programs. A detailed gap analysis is identified through the development, testing and simulation of a cyber-attack and will uncover the questions that need to be answered under pressure. Taking board members through a simulated incident response will inform them on the impact on customer data, so that they understand what’s expected in response to an attack, and empower you to identify the best practices to follow.
More information? ibm.com/databreach
*Read more about the reasons and costs associated with data breaches in Australian organisation IBM Ponemon 2017 Cost of Data Breach Report
I’ll also be speaking about Cyber Resiliency at the Gartner Security & Risk Management Summit, August 20-21, 2018. If you’d like to join me, you can register here.