It’s Privacy Awareness Week and today’s topic is “data breaches”. With data breaches and responding to cyber attacks becoming an inevitable part of doing business, it’s a timely reminder about the importance of adequately resourcing your IT security areas, and of having comprehensive and well-tested data breach response plans in place, as illustrated by the Fourth Annual Study on The Cyber Resilient Organization (Study), conducted by the Ponemon Institute on behalf of IBM Resilient.
The Study surveyed 3,655 IT and IT security practitioners in 11 countries and regions, including Australia. The results of the Study indicate that a majority of Australian businesses are vulnerable to cyber-attacks due to a lack of skilled personnel and incident response plans.
Some interesting results of the Study were:
- only 22% of Australian respondents agreed that they had sufficient staffing to achieve a high level of cyber resilience (globally the figure wasn’t much higher, at 30%);
- 79% of Australian respondents did not have a cybersecurity incident response plan (CSIRP) that applied consistently across the entire enterprise;
- more than half of the Australian respondents who had CSIRPs said they did not test them; and
- of the 11 countries, Australia reportedly experienced the biggest increase (70%) in the volume of cybersecurity incidents in the past 12 months, compared against 61% overall.
The Study also highlights the key characteristics of “high performing” organisations that are cyber resilient, and emphasises the need to have skilled IT personnel and consistent enterprise-wide CSIRPs.
We all see the regular occurrence of breach events – it is not like we are not well warned. With the mandatory reporting the consequences are far more public and painful, but obviously not painful enough for Australian companies to truly tackle the problem head on.