- October 11, 2017
- Posted by: Defend Wise
- Category: Cyber Security
Ecommerce has revolutionised our economic landscape. In more recent times, however, the threat to online security has escalated at an alarming rate. So what are Australian companies doing to ensure that their data and information are protected?
Last year the ASX and Australia’s corporate regulator stepped in to define a new approach to cyber security amongst Australia’s largest organisations – challenging them to revisit their online security risk with the introduction of a cyber security health check. The initiative reflects a similar program launched among the UK’s FTSE 350, and aims to improve corporate cyber security in Australia’s top 100 companies.
ASX group executive Amanda Harkness states, “Increased awareness and engagement by directors of listed companies are important steps in building the cyber resilience of Australian businesses…the better informed boards become, the more effectively they can assess their cyber security risks and opportunities, identifying areas where improvement is required.”
“We encourage Australia’s largest listed companies to play their part,” says Harkness, thus reassuring shareholders that the top 100 Australian companies are taking their cyber security seriously.
The cyber security health check program will involve participants responding to a series of questions aimed at deciphering their company’s approach to cyber security. The questions are designed to elicit specific information around the company’s involvement with technology breach issues such as use of cloud servers, its strategy on protection of data assets and critical information, and whether the CIO keeps participants informed of changes to their online security.
The program couldn’t come at a better time for Australian companies, with breaches of security said to cost our economy up to $1 billion per year. This was highlighted recently when Australian household brands Kmart and David Jones were involved in cyberattacks which saw email addresses and personal details stolen. The Australian Red Cross Service was also targeted by cyber attackers, with details of around 550,000 blood donors exposed online. Whilst these attacks are perpetrated against companies directly, it’s the safety of everyday Australian families which is ultimately compromised.
Australian businesses are now clearly prioritising cyber security, but there’s plenty more work to be done. At a security and innovation summit last year, the ASIC commissioner Cathie Armour compelled board directors to develop more robust action plans around their risk of online exposure, saying, “we do think there is one universally incorrect answer [for directors], and that is ‘I am not sure about our cyber resilience, ask the ‘IT guy’… I would encourage board members to think about lifting their capability in this area … and find ways they can get more confident in the space.”
Mandatory reporting of breaches – don’t get caught out
The Mandatory Data Breach Notification scheme is expected to be in place in early 2018. Businesses that turn over $3m or more will be legally obliged to notify the Privacy Commissioner and customers if they’ve experienced a data breach.
Failure to do so could attract fines of up to $1.8 million for organisations and $360,000 for individuals.
To find out more about the scheme, how it impacts you, and ways to protect against a breach, contact Defend Wise to chat with a Cyber Security Expert today.