Cyber attacks are an inevitable threat to businesses operating in today’s technologically-driven world. With the Notifiable Data Breaches Scheme having recently passed into legislation in Australia, timing is paramount for our country’s businesses to have in place plans and strategies to deal with data breaches.
Under the new legislation, Australian businesses are now compelled to disclose if a data breach occurs. It’s clear from the results of PwC’s Global State of Information Security Survey 2018, that while Australian businesses are aware data breaches can occur, they may not realise how seriously it could impact their business. 40% of respondents cited the disruption of operations as the biggest potential consequence of a cyber attack and 39% cited the compromise of sensitive data. What about damage to business reputation and overall profits? There are many examples of how data breaches can negatively impact these aspects of business, with Facebook and Ashley Madison being recent examples.
With this in mind, it’s staggering that 44% of global respondents said they do not have an overall information security strategy. 48% said they do not have an employee security awareness training program. 54% say they do not have an incident response process.
So what can businesses do to better protect themselves? Implementing a management systems standard like ISO 27001 can help. ISO 27001, the Information Security management systems standard, formalises processes to protect data and also puts in place a system to be followed when a data breach does occur.
It’s not all doom and gloom! 39% of survey respondents said they were confident in their abilities to identify the culprits of a cyber attack; and 44% said their boards actively participate in their overall information security strategy. Using a robust management systems standard, such as ISO 27001, can help protect customers’ personal data, and a businesses’ overall reputation and bottom line.
Check out the infographic below which provides a summary of some of the key findings of PwC’s Global State of Information Security Survey 2018.