Login
Minters report flags cyber risk as among top 5 organisational risks
A new report by MinterEllison has highlighted cyber risks as being among the biggest headaches for organisations, with many failing to take regular preventative action.
Emma Musgrave
Minters’ fourth annual Perspectives on Cyber Risk report has revealed that more than half of respondents believe cyber risk now ranks in the top five risks on their enterprise risk register. This is up from 29 per cent in 2015 when the firm first conducted this report.
Despite this however, just 45 per cent of respondents say they regularly (at least annually) test their data breach response plan, according to the report.
Paul Kallenbach, MinterEllison technology and digital partner and head of its cyber security practice, said the results suggest greater awareness of privacy and data protection does not necessarily translate into action.
“What we can see from this year’s results is a continuing disconnect between organisations’ understanding of cyber risk and the practical steps they are taking to mitigate against it,” he said.
“Importantly, for company directors seeking to comply with their responsibilities in relation to cyber security, ASIC encourages an assessment of their company’s cyber security threats and vulnerabilities to understand what, where and how data is held.
“Insufficient or inadequate action to address cyber risk is a worrying trend that we’ve seen in our report since its inception in 2015. This is despite a more stringent regulatory landscape in both Australia and overseas, and recent high profile examples, such as PageUp, of the damage that a serious cyber incident can cause.”
Mr Kallenbach noted the survey results also show that, of those organisations who plan to implement AI or big data solutions, only a third have undertaken a privacy impact assessment or security risk assessment of those solutions.
“At a time when the law cannot keep up with the pace of technological change, it is incumbent on organisations to develop their own set of baseline privacy and data protection rules, and test them regularly,” he said.
“To ensure they meet Australia’s privacy and data protection laws, and avoid penalties and other legal sanctions, boards and directors need a thorough understanding of the privacy and security impact of new technologies; but they also need to translate this understanding into appropriate and considered action. Closing this gap will be an increasingly important aspect of an organisation’s cyber risk profile.”
Emma Musgrave
Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.
Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.
Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.
She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University.
Email Emma on:
