New Australian data breach notification laws, effective in February 2018, have focused attention on organisations’ preparedness to notify of eligible data breaches. But notification is just one part of responding to a data breach or cyber incident. Data breaches are complex, often involving some combination of malicious software, misconfigured technology and humans. They might involve data theft, ransom or extortion, fraudulent transfers of cash or public humiliation. How organisations respond is similarly complex.
However, one thing is certain: How you respond to a data breach or other cyber incident can mean the difference between reputational disaster and business as usual: maintaining your clients, trusted relationships and your share price.
How prepared are you? What would you do if …
• A journalist asks for comment on reports that your customer data is being sold on the dark web
• An employee tells you they think a senior executive is transferring confidential information to her home computer
• Your finance department reports emails from the CEO approving overseas funds transfers that just don’t seem right
• Social media is reporting that one of your main cloud service providers has had a data breach
• Your IT service provider reports that a large amount of data is being electronically transferred from the organisation’s servers to an unknown overseas location
Breaches are on the rise. You are not immune
According to the Australian Cyber Security Centre 2016 Cybersecurity Survey, the majority of respondents suffered security breaches in 2015-16:
• 90% experienced some form of attempted or successful cybersecurity compromise
• 58% experienced at least one incident that successfully compromised data and/or systems
‘The cyber threat remains present. … The message to all organisations (is) that experiencing a cyber incident is not a matter of if but when and what type.’
How can we help?
Download one of our free guides: See below.
Join one of our webinars:
• Overview of data breach notification obligations in Australia
Attend a workshop:
• Security incident response workshop
Check your understanding with one of our Case Studies:
• Data breach notification case studies
Have us review your data breach response prepared-ness:
• Third party supply contract review
• Security incident response plan review
• Cyber incident preparedness exercise
• Cyber insurance review
• Privacy impact assessment or compliance audit