As businesses become more digitised to get a market edge – or just to keep up with the competition – they need to view cyber security as a risk management issue for the boardroom.
While it is easy to throw cyber security into the IT too-hard basket, it is in fact a big issue that can devastate a company’s brand and reputation. Broader questions need to be asked about things like:
- Has the company’s risk management team considered cyber security in terms of risk impact, and not just as an IT issue?
- Has the finance team assessed the cost impact of a cyber shut down? Can it be covered by insurance?
- Has the HR team considered whether being cyber security aware should be included as a KPI to ensure the company’s values are not damaged through poor staff judgement?
Here’s an alarming figure, according to a recent finding in Telstra’s Cyber Security Report 2016: “Nearly half of Australian organisations have not yet put in place the tools to track and monitor shadow IT which is leaving organisations exposed to potential valuable data loss.”
It is timely that the Prime Minister recently launched the Australian Government’s revised Cyber Security Strategy. A core message of the Strategy is to improve government, industry and research institution collaboration to address the evolving cyber security threats in Australia, as well as promoting innovation.
Overall, Ai Group supports the Strategy, which has a number of positive initiatives. One of these will see Government work with industry to develop voluntary good practice guidelines for improving cyber security resilience. From Ai Group’s experience many businesses, especially SMEs, don’t yet know how to meet an appropriate standard for managing cyber security. These guidelines may help, but they will take time to flow on to SMEs – the Government intends to target ASX100 companies first and then expand to other companies and the broader public.
Where does that leave SMEs right now, with 84% of them already connected to the internet? The Government’s plan to “provide support for some 5000 small businesses to have their cyber security tested by certified practitioners” may help if implemented well.
Another possible way to help SMEs is the PM’s Strategy to “improve national cyber security awareness… through sustained joint public-private awareness initiatives and education campaigns”. As the PM stated in his speech, “awareness is one of the most important means we have to ensure a higher level of cybersecurity”.
On this point, as part of our Digital Business Kits service, Ai Group recently interviewed US and international cybersecurity expert, Melissa Hathaway, about what companies need to consider in cyber security management as they become more digitised. See here for her insightful advice.
Ai Group is looking to build further and support the joint public-private national cyber security awareness and education campaign. We welcome the opportunity to continue working with industry experts and governments to promote the benefits of a digitised economy alongside cyber security awareness.
Cyber security is an issue that will never go away – these threats will change and evolve over time. Businesses pursuing opportunities online will need to stay informed.
Does your business have an ongoing strategy to deal with cyber security threats? Or have you learned the hard way that it doesn’t pay to ignore the issue? Please comment below to share your thoughts and experiences and start a conversation.