A recent survey conducted by a multinational professional services firm based in Australia has determined that many Australian organisations are not prepared to meet the increased threat of cyber attacks.
The report, produced by Minter Ellison and titled Perspectives on Cyber Risk 2017 (the Cyber Report), reported that 18 per cent of respondents said that their organisations were subject to more than five cyber incidents in the previous 12 months.
This figure was up from 8 per cent the previous year.
The Cyber Report also says that by 2021, the world will see annual losses of more than $6 trillion from cyber risks.
An insidious type of cyber-attack comes in the form of what is called ‘ransomware’, where instead of trying to outright “steal” data from organisations, the scammers take information and data “hostage” and then demand a fee for its safe return – cyber kidnapping, effectively.
The Cyber Report also found that 42 per cent of respondents said they did not have a data breach response plan setting out the immediate action to take in the event of a cyber breach.
Businesses need a proactive and immediate approach to educating their staff about the risks of cyber attacks, the various forms they take (which evolve and disseminate rapidly), and what can be done to alleviate the risks through strict policy and procedure on email and online use.
Reconsideration of this issue is timely, because in February 2017 the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which amends the Privacy Act 1988 (Cth) to include mandatory reporting of data breaches. The changes will require organisations subject to the Act to notify the Australian Information Commissioner and any individuals affected by a data breach that is likely to cause serious harm.