In this three-part series, Digital Pulse looks at how cyber security — in prevention, response and remediation — calls for a multi-faceted approach across business departments, incorporating actions across IT, legal and risk management.
Another article on cyber security? Yes. It’s understandable if your eyes glaze over. The risks may feel obvious and done to death. But cyber security incidents are estimated to cost Australian businesses up to AU$29 billion per year — that’s the equivalent of 1.9 percent of Australia’s GDP.
If that number doesn’t concern you, then this should: Cyber attacks are becoming materially more sophisticated, complex and frequent. Australian organisations in both the private and public sectors are being actively and increasingly targeted.
We’ve moved beyond the clichés of ‘those who’ve been hacked and those who don’t know they’ve been hacked’ and ‘it’s not if, it’s when’. Our experience suggests that you have almost certainly already been subjected to a cyber attack and it’s quite likely you could be under some form of cyber attack right now.
What else have we learnt through our work with Australian organisations? A cyber attack can cause a greater than estimated impact which will affect you in ways you’ve not considered. IT systems may get shut down for material periods of time (losing capabilities as fundamental as email connectivity), customers and suppliers may leave, leverage or litigate, deals may fall through, regulatory investigations may ensue (with very ‘sobering’ fines) and executives may lose jobs.
It may sound dramatic, but that’s the reality of a cyber attack. Therefore, on the heels of the Australian Government’s recently published Cyber Security Strategy 2020, we are sharing our ‘must-do’ technology, risk management, legal and regulatory recommendations — from preparation and breach response through to remediation and future prevention.
In this first piece, we tackle preparation. The effort required to prepare for cyber threats can feel discretionary or optional, a box to tick or a job for next week. But make no mistake, they’re absolutely critical to building the cyber resilience needed to protect your company. And it is needed more so now than ever before.
Look out for part two of this series in the coming weeks where we will examine how these three areas of an organisation can respond in the event an incident occurs.
For further information on how your business can shore up defences against cyber attacks, and how to respond if an incident occurs, check out PwC Australia’s cyber security site.
*For instance, the Australian Government’s response to the ACCC’s Digital Platforms Inquiry has proposed a series of initial reforms to the Privacy Act 1988 (Cth), with a more detailed review to be completed in 2021, and mandatory data breach regimes are increasingly common (impacting businesses with both domestic and international footprints).
Also contributing to this article:
Andrew Morrison, Senior Associate, Financial Advisory – Legal, PwC Australia
James Patto, Director, Financial Advisory – Legal, PwC Australia
David Stocks, Senior Manager, Consulting – Digital Transformation, PwC Australia
Helen Teixeira, Senior Manager, Assurance – Trust & Risk, PwC Australia
© 2017 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.