The fourth industrial revolution is seeing a fundamental transformation of the way businesses operate. One of the technologies driving that evolution is the Internet of Things (IoT).
As more businesses invest in these technologies to remain competitive, cyber threats are becoming a crucial risk management issue. Such threats can shut down or disrupt operations or put commercially sensitive information at risk.
If the risks of cyber security aren’t immediately clear to businesses, they will be to customers. Customers increasingly expect the businesses they deal with to handle their data responsibly and keep their security and systems up to date.
Public expectations are being turned into law. Businesses are already required to adhere to privacy protections which deal with serious data breaches. Now, the Australian Government has passed a data breach notification law which requires businesses (and their related entities) with annual turnover above $3 million to notify affected individuals and the Australian Privacy Commissioner if an eligible data breach has occurred.
Despite this, businesses appear to be putting a relatively low priority on cyber security technology.
In our soon-to-be-released Business Beyond Broadband report, Ai Group surveyed CEOs about their businesses’ use of and investment in digital technologies, as well as barriers to this investment.
We asked businesses whether they used cyber security technology. While we did not define the term, and we can assume most businesses use some basic form of cyber security protection (such as off-the-shelf antivirus software or readily integrated software available with their standard operating systems), 78% of businesses reported that they did not specifically use cyber security technology and just 13% saw cyber security as a barrier to new digital investments.
This is in stark contrast to trends overseas and is concerning given the demonstrated ability of cyber breaches to damage reputations, disrupt business operations and bring down critical infrastructure.
The amended Privacy Act may hold businesses’ feet to the fire to elevate cyber security on the boardroom agenda, leading to improved corporate governance. However, it could also be counter-productive and create additional red tape for businesses as another compliance requirement, focused on notifying about breaches rather than improving systems at the boardroom level.
This is why we support the Government’s revised National Cyber Security Strategy, launched last year, which encourages cooperation between government and industry through various initiatives that supports businesses.
For our part, Ai Group has been running cyber security awareness sessions at the boardroom level. Following our well-received cyber security awareness session last year for SME manufacturers, we have decided to run another session for all businesses.
This time, we will have Cisco’s cyber security expert Anthony Stitt present to business leaders on the latest cyber security issues affecting businesses. He’ll be focussed on helping them know the right questions to ask their IT people on what they are doing to protect the interest of both the business and its customers. This session is about business risks and remedies, not a technical talk.