Cyber security is everyone’s responsibility, whether that means junior admin staff recognising a phishing attempt when they read their emails, or the board determining risk appetite and strategy.
As the ASX 100 Cyber Health Check Report revealed recently, the boards of Australia’s ASX 100 companies are recognising the need to prioritise cyber risk, and taking meaningful steps to improve their skills in cyber security. Indeed, cyber security must sit firmly on the board’s agenda as a priority if directors are to avoid organisational and personal liability.
The potential cost of successful cyber attacks to organisations – and potentially to individuals – is alarming. A report by the Ponemon Institute stated that the greatest cost to businesses due to cyber crime was caused by information loss, followed by business disruption. Other costs include revenue loss, damage to equipment, reputational damage and a resulting loss of customers.
The Ponemon report also found that the cost of cyber crime to US businesses last financial year was US$17.4 million, and to Australian businesses US$4.3 million. Small to medium Australian businesses pay on average more than $276,000 to recover from successful attacks.
If your organisation is one of the many that have been successfully attacked, perhaps take comfort from the fact that you’re in good company:
- A large-scale ransomware campaign – called WannaCry among other names – swept across Europe in May this year, affecting 200,000 organisations in 150 countries over one weekend, including the UK’s National Health Service. Five Australian companies were affected.
- Earlier this year, Prime Minister Malcolm Turnbull asked his cyber security adviser to investigate how several senior Australian politicians were affected by a massive global breach of Yahoo’s internet services. Shadow treasurer Chris Bowen and Victorian Premier Daniel Andrews were among those with breached Yahoo accounts.
- Almost 1.3 million personal and medical records of donors to the Australian Red Cross were exposed online in the nation’s largest data breach last year, after a database was backed up on a publicly facing website. An unfortunate consequence of the breach would be people thinking twice about donating to this crucial life-saving service.
- Hackers changed the bank deposit details on the Amazon accounts of several third-party vendors, enabling them to steal tens of thousands of dollars from the users.
The key takeaway: make sure your organisation is prepared. Ensure you have the policies and procedures in place to prevent and effectively respond to cyber security breaches, and make sure your staff are trained to recognise and respond to an incident.
2016 Cost of Cyber Crime Study & the Risk of Business Innovation – Ponemon Institute – Cyber Security Analysis, Hewlett Packard