Cyber security is a must for your business toolkit

Cyber security is no longer just a risk management measure. It’s increasingly becoming a ‘must have’ for winning new business, writes commercial lawyer Brett Cowell.

Jun 21, 2021, updated Jun 21, 2021
Photo: AAP

Every day we read about cyber attacks on organisations and the enormous damage inflicted.

The number of attacks is on the rise and with organisations increasingly reliant upon cyber systems and storing large volumes of data, the consequences are growing.

In addition to direct financial damage resulting from lost and interrupted business, hacking may also cause significant reputational harm.

It’s not a case of “if” you get hacked, but “when”.

While the very real risk of cyber attack is prompting businesses of all sizes to take a closer look at their security systems, there’s an added incentive to be cyber resilient.

Cyber credentials in demand

As a commercial law firm representing many organisations across industry, we see our fair share of tender documents and requests for proposals.

There has been a marked increase in the number of these documents now requiring information from tenderers about their cyber resilience measures including data storage and protection.

This is not surprising given business exposure to system penetrations via third party suppliers.

In the United States, Target Corporation lost 110 million customer credit card and personal data records after hackers gained access via an external service provider.

Companies that store valuable data with third parties or provide third party access to their IT systems are rightfully wanting to know more about the security arrangements and practices of any business they engage.

As reliance on digital systems and business in the online world grows exponentially, the need for robust cyber resilience is not optional.

Suppliers that cannot prove their cyber systems and security measures are strong will be putting their business at serious risk and will be effectively closing the door on future work.

Taking on the responsibility

Many business owners, operators and directors delegate all responsibility for cyber security to their IT team without giving it too much additional thought themselves.

That approach is no longer an option.

The decision makers in any business and especially company directors have to take more responsibility for and interest in setting the cyber security strategy.

If a company suffers loss from a cyber attack and its directors have not exercised real diligence about the company’s cyber security, they risk being liable for a breach of their director’s duty of care.

Business leaders must have an understanding of key cyber considerations including:

  • The company’s IT and data storage systems
  • Risks and potential impacts of a cyber breach
  • Protection, mitigation and risk management strategies
  • Expertise, experience and capability of the IT operations team
  • Internal reporting processes
  • Cyber security and breach response and recovery policies and procedures.

The IT department of course still has a vital role to play in cyber security.

However, these matters need to also be part of discussions right across an organisation and instilled in workplace culture, from the frontline to the boardroom.

Building cyber resilience

Building and maintaining cyber resilience is a key tenet of risk management for virtually all organisations. On a typical risk matrix, realistically, the likelihood of cyber attack is medium to high and the impact or effect of a significant successful attack is high to extreme.

And it’s not just the external risk to safeguard against.

A high percentage of system penetrations come through lack of cyber awareness or poor and unsuspecting behaviour of people within the organisation itself.

This can include clicking on compromised email attachments or links, visiting websites that download malware and using out-of-date or easy-to-hack security settings.

The flexible working environment brings with it another layer of risk.

Resilience is built around the ability to prevent, detect, respond to and recover from a cyber attack.

It’s recommended that businesses undertake an audit of their preparedness and performance across these areas, as well as practise disaster recovery plans, particularly in a mock cyber attack scenario.

Personally, I find it interesting that businesses practise fire drills regularly yet the likelihood of a fire is very low.

The opposite is true for cyber attacks.

Brett Cowell is Chairman of Adelaide commercial law firm Cowell Clarke.

Copyright © 2024 InDaily.
All rights reserved.