The Green Room

Cyber security has to be a business priority

Written by Genevieve Norton

April 5, 2019

Mitigating cyber-attacks has become a 21st century cost of doing business but it is not enough for boards and management to just have a plan to deal with the financial impact. Serious consideration needs to be given to the reputational damage of such an event and how a company might deal with it through a crisis communication plan.   

Mandatory data breach reporting was introduced in February 2018 and affects all businesses, both listed and private, with an annual turnover of $3 million. This regulatory attention highlighted the inherent vulnerability modern businesses have to the opaque world of cyber-attacks and the potential financial and reputational harm they can cause.  

Planning for these crises and responding to them under the right communication protocols and through the right channels is required to minimise both reputational and financial damage. All stakeholders, both internal and external, require clearconcise and consistent information from the company.  

IBM’s 2018 Cost of Data Breach study determined the average global cost of a data breach is US$3.86 million and rising rapidly. This figure is of course relative with the study finding that the average cost for each lost or stolen record containing sensitive or confidential information is US$148, which is also on the rise 

LandMark White’s recent data breach resulted in 37,500 valuation records and 1,680 supporting documents being uploaded to the internet. Whilst the reputational damage to the company is clear with the four major banks, Commonwealth, NAB, Westpac and ANZ initially suspending their use of the valuers, the full financial impact is still unclearThe company has been in trading halt since February 14thhas lost the CEO and two Nonexecutive directors, while business media and shareholders continue to ask probing questions. 

The LandMark White case study is a good example of the impact a cyber security attack can have on a business. And every business is a potential target, no matter their type, size, or industry. The Verizon 2018 Data Breach Investigations Report identified that globally accommodation, education, finance, healthcare, information, manufacturing, professional services, public, and retail as top of the list of targets.  

Cyber criminals are both hardworking and relentless. They use advanced social engineering techniques to target staff members and enhance the legitimacy of scam attempts. They are also known to research organisations and individuals on social media and through publicly available information such as annual reports, shareholder updates and media releases. It is worth considering that according to Sophos Group plc (the British security software and hardware company), one in ten people who are sent a phishing email will click on the link, I imagine you have more than ten people in your organisation 

The best approach a business can take is to use a multi-layered approach including technical controls, robust internal processes, and active monitoring of systemsnetworks, cyber security trends and threats. It is also important to ensure your employees are regularly educated about ongoing scams and empowered to apply common sense.  

Equally important is for businesses to have an effective crisis communication plan in placeCan you say with confidence you could respond to an incident where customers or employees bank details were stolen? What about their home addresses and IDs? Or employment contracts? Businesses hold increasingly complex and personal information which can result in multiple scenarios playing out, such as IP being stolen by a foreign entity or customer data being held for ransom.  

Cyber insurance is now a major consideration for company boards. Given the potential for shareholder lawsuits, cyber security must be elevated well beyond just an IT issue.  

ScoMo proves to be the communicator’s communicator

Good leaders understand the value of skilfully delivering a strong message. Great leaders know how to do it. Saturday’s Australian Federal Election might have lessons for all leaders – business or political – who rely on effective communication to achieve their goals....

Proactive issues management – a case study

In crisis or issues management it is always recommended to be as proactive as possible with your communication. Being open, transparent and proactive, as best you can, will help you manage the narrative and hopefully limit the reputational downside from the event. So,...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Follow Us

Join us on LinkedIn and Twitter