The Australian Cyber Security Centre’s annual Cyber Threat Report for FY21 makes for sobering reading: 67,500 cybercrime reports were made in that year (a 13% YoY increase), and cybercrime is estimated to have cost Australians $33 billion. Following the report’s release, Honan hosted a cyber seminar with partners Clyde & Co., sharing the latest updates on the cyber risk landscape, practical strategies for managing the growing risks, regulatory changes to data privacy, and upcoming legal reforms set to affect businesses. As emphasised in the seminar, no industry is immune from the impacts of cybercrime. Here are our key considerations for business leaders to keep in mind as they navigate the evolving situation:
1. Cyber insurance is critical
A robust cyber insurance policy works to complement existing IT security systems to protect your organisation against damages that can result from cyber attacks, data security breaches, and costs associated with response and recovery. While cyber insurance is an essential part of a business cyber security toolkit, it is not a standalone solution. Learn more about how cyber insurance can complement your cyber security strategy here.
2. Embed a tailored Cyber Incident Response Plan (CIRP)
An effective CIRP is a framework designed to protect your business’ reputation, minimise losses, limit business disruption, and help businesses avoid common mistakes in the event of a cyber incident. This plan should be reviewed on an annual basis and clearly define the roles and responsibilities of relevant key staff. Critically, in the event of a security breach, if a board can demonstrate that 1) it was aware of a cybersecurity risk, and 2) it activated a framework to mitigate that risk, it is less likely to risk breaching its fiduciary duties under both the Privacy and Corporations Acts. To find out more about developing a CIRP to meet your business’ needs, speak with your broker.
3. Understand your governance requirements
Changes in governance expectations, director liabilities, and regulatory reform are seeing business leaders place significantly more emphasis on their organisations’ cybersecurity and risk management strategies. Directors can be held responsible for not acting to progress a company’s cybersecurity framework and may be punished if they are found to have failed to ensure a company has an adequate cybersecurity risk management plan in force, to have not responded in a reasonable time frame to a known data breach, or to have failed to respond altogether. You can read more about this in our simple summary.
4. Multi-Factor Authentication (MFA) is a must
MFA is a method of electronic authentication that requires a user to provide at least two forms of identity verification before access is granted to a program, network, or system. Ensure MFA is installed across all remote working systems for your business’ employees, contractors, and vendors. Learn more about MFA and password best practice in this guide.
5. Use a separate Virtual Private Network (VPN) for remote working
With hackers taking advantage of widespread remote working arrangements, it is more important than ever to ensure your staff use a separate VPN whenever they are working outside the office. This is vital to preventing security breaches. It is equally important to notify your broker that these procedures have been implemented, because this helps them to gain access to insurance capacity as a risk transfer solution for your business.
Click here to watch the Cyber Seminar Recording and enter the Passcode: HbK+7U7P
You can find out more about managing your business’ cyber security in our Cyber Capability Statement.