The spectrum of cyber risks and threats is now so significant that simply addressing cybersecurity on its own isn’t enough.
Cyber resilience, on the other hand, enables businesses to minimise disruption and continue to function in the event of a disruptive incident.
The rate of technology change and adoption has easily outpaced most businesses’ ability to manage the associated risks. These include risks to intellectual property, customer data and sensitive internal data, including data on senior executives and board members. The inevitability of a breach also demands a clear and practical cyber incident response plan.
Fraud, corporate crime, commercial disputes, litigation, and growing data security and regulatory requirements can undermine your organisation’s integrity and reputation, decrease confidence, and attract regulatory intervention as well as media attention. Data breaches and security failures can lead to reputational, financial, operational and legal risk.
Growing data privacy regulations have also started to bite, meaning businesses are feeling the commercial cost of cyber-attacks and data privacy violations. From our research of over 4,500 global business leaders in our 2019 International Business Report, we found that 57% agreed that due to new regulation there has been a greater focus on privacy issues than there has on cybersecurity in recent years.
In Australia, changes to privacy laws in 2018 introduced mandatory data breach notifications, obliging businesses to notify when a data breach has occurred, in an effort to align Australian privacy laws with the EU’s General Data Protection Regulations (GDPR).
Now more than ever, businesses need to have proven strategies to effectively deal with disruptive cyber events, understand risks and be better prepared to face these challenges – a framework of ‘cyber resilience’.
