As the world’s reliance on data and interconnectivity grows, a growing number of organisations are concerned about cyber threats and their increasing vulnerability from the Internet of Things (IoT).
In PwC’s latest report, Global State of Information Security Survey 2018, 40% of global respondents cited the disruption of Operational Technology as the biggest potential consequence of a cyberattack, 39% cited the compromise of sensitive data, 32% harm to product quality, 29% damage to physical property, and 22% harm to human life. Clearly the threat is real and can be costly to not just individual businesses, but to the nation’s economy.
It’s accepted that in 2018 cyber attacks are one of the inevitable threats that businesses – covering the spectrum of small enterprises through to multinational corporations – must face.
The rapid rise of technology brings many advantages, but also vulnerabilities, and it’s these threats – and their consequences – that weigh on the minds of Australia’s top business leaders. In PwC’s latest CEO survey, 89% of Australian respondents said they were concerned about cyber threats, up from 80% last year.
With recent breaches in the US such as the estimated 143 million record Equifax breach coming to light, and their resultant loss of up to 18% of share value after the announcement of the breach, people are recognising that there can be significant impacts to exposure and they need to remain up to date.
Australia has also experienced several high-profile data breaches recently where a large organisations’ data was taken from a smaller third party business partner. In one attack in 2016, almost 30 gigabytes of commercially sensitive information related to naval vessels and warplanes was stolen from a local defence contractor.
As a response to the increasing breaches, in Australia, the Notifiable Data Breaches scheme came into effect on 22 February 2018. As a consequence, Australian businesses are now obliged to disclose to affected parties if a breach occurs. A notifiable data breach is one that is likely to result in serious harm to any of the individuals to whom the information relates. A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
But while this legislation forces businesses to disclose a breach and avoid public relations disasters from withholding such information, the preventative measures in place are still largely inadequate to avoid significant damage, including to a company’s share price and profitability.
According to the PwC report, while businesses are aware of the consequences of a breach, ranging from the inconvenient to the catastrophic, only 44% surveyed said they were investing more heavily in cyber security protection to a larger extent in order to build trust with customers.
The Australian figures were lower compared with the overall global results, and a fall from previous years, which can be attributable to the higher number of responses from the small to medium enterprise sector. This group of business typically has less mature security strategies than their larger counterparts.
