Corporate Security
Worrying statistics: Inaugural cyber security survey for Australia
While it’s natural to assume large companies with large revenue streams would have the right measures in place to protect their assets, preliminary results from BDO Australia’s inaugural cyber security survey prove otherwise.

In a first for the industry, BDO has teamed up with AusCERT, the Australian cyber emergency response team, to conduct an in-depth industry cyber security survey – the outcome of which will help the market understand the challenges businesses and organisations face in the online world.

Following some recent high-profile cyber-attacks, more and more companies are now being urged to be extra diligent with their cyber security and put the right measures in place to protect their intellectual property and assets. However, what was most astounding from the recent survey results was the number of Australian businesses that aren’t protected, with nearly 85% of companies with a gross revenue greater than $1 billion fully exposed to cyber-risk.

These are worrying statistics given cyber-attacks and data breaches are a very real concern and the implications for businesses of this scale can be catastrophic. It also shows that cyber security insurance is very much still on the agenda.

The good news is, protecting your business is certainly not an unmanageable process and those businesses that are prepared are the ones that will prevail should a cyber-attack ever occur. Preparedness comes in a range of forms, and when protecting assets, insurance is the logical fallback. While purchasing insurance could act as a security blanket for your board and executive, it’s imperative to determine to what extent cyber insurance is required for your business.
32 | Chief IT
With that in mind, here are six simple steps you should take to better understand your cyber risks and determine whether you need cyber insurance for your business.

1. Perform a risk assessment of your environment to understand your current cyber risks

The first thing decision makers need to be clear on is identifying the company’s critical systems and data information assets and understanding who—in terms of cyber criminals or hackers—would be interested in them. You cannot be expected to understand what level of protection you need if you are not clear about which assets may be vulnerable.

2. Quantify these risks and model the potential impact this will have on your business. For instance, what is the financial impact to your business if you experience a cyberattack you can’t defend?

Once you have completed the first step, you should then start to consider real implications. Ask yourself what the implications would be if the information in those systems were under the control of cyber criminals. Once you understand the implications it gives you a much clearer picture as to what the risks associated with those assets are.

You then need to assess the cyber security controls for your critical assets and determine whether these are working effectively. This will highlight the risk exposure you have for those assets. Using risk modelling techniques, such as Monte Carlo simulations, you can then model and quantify the financial impact this will have on your business if not remediated.
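The Monte Carlo modelling mentioned in step 2 can be sketched as follows. This is an added example, not part of the original article or of the BDO/AusCERT survey. The asset names, attack frequencies, control-effectiveness values and loss figures are constructed assumptions, and the choice of Poisson attack counts with lognormal loss sizes is one common modelling choice rather than the article's own method.

```python
import math
import random
import statistics

# Constructed inputs: names, frequencies and dollar figures are assumptions.
ASSETS = [
    {"name": "customer-db", "attempts_per_year": 4.0, "control_eff": 0.70,
     "median_loss": 2_000_000, "sigma": 1.0},
    {"name": "payments-gateway", "attempts_per_year": 2.0, "control_eff": 0.85,
     "median_loss": 5_000_000, "sigma": 0.8},
]

def attempts_in_year(rng, rate):
    """Poisson count for one year, drawn from exponential inter-arrival times."""
    count, t = 0, rng.expovariate(rate)
    while t < 1.0:
        count += 1
        t += rng.expovariate(rate)
    return count

def simulate_annual_loss(assets, trials=20_000, seed=1):
    """Return the sorted simulated total loss for each trial year."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        total = 0.0
        for a in assets:
            for _ in range(attempts_in_year(rng, a["attempts_per_year"])):
                # An attempt costs money only when the controls fail to stop it.
                if rng.random() >= a["control_eff"]:
                    total += rng.lognormvariate(math.log(a["median_loss"]), a["sigma"])
        losses.append(total)
    return sorted(losses)

def summarise(losses):
    """Mean, median, 95th percentile and probability of any loss in a year."""
    n = len(losses)
    return {"mean": statistics.fmean(losses), "p50": losses[n // 2],
            "p95": losses[int(n * 0.95)],
            "p_any_loss": sum(1 for x in losses if x > 0) / n}

def with_control_eff(assets, control_eff):
    """Copy of the asset list with every control set to the given effectiveness."""
    return [{**a, "control_eff": control_eff} for a in assets]

if __name__ == "__main__":
    for label, assets in (("current", ASSETS),
                          ("remediated", with_control_eff(ASSETS, 0.95))):
        s = summarise(simulate_annual_loss(assets))
        print(f"{label:>10}: mean ${s['mean']:,.0f}  p95 ${s['p95']:,.0f}  "
              f"P(loss) {s['p_any_loss']:.0%}")
```

The gap between the current and remediated rows is the modelled financial impact of leaving the controls as they are, and the 95th-percentile figure is the one to weigh against a proposed insurance limit.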