02. Risk

Why Australian businesses need to make time to prioritise cyber

Cybersecurity is the number one risk on many risk registers, with the impact of COVID-19 seeing a spike in online scams and the targeting of poorly maintained technologies. In 2021, businesses will need to stay up-to-date with cybersecurity insights and identify risks, including the financial and reputational impacts of cyber-attacks. As you design, deliver and evolve your cyber programs, here are the key cyber matters for 2021:

Web applications and cloud

As organisations integrate with cloud or internet-based technologies, which by their very nature require robust security measures for their entire lifecycle, internet accessible systems and applications remain an area of great risk. Whether solutions are developed in-house, or businesses are relying on third parties, unsecured internet-facing systems will continue to be targeted.

Constant cyber-attacks

Sophisticated attacks are persistent, including high stakes ransomware attempts as well as the constants of phishing campaigns and social engineering. With the average cost of a data breach around USD $3.85 million (over 5 million AUD)1 be vigilant and rehearse your security approach diligently. If businesses are complacent or even cyber fatigued, this will result in highly disruptive consequences, with significant reputational and financial impact.

Data is a new superpower

There is ongoing focus on the use and sharing of aggregated data, including de-identification of sensitive and personal data, and how it is protected in line with ethical and regulatory obligations. Cyber is a contributory voice to this debate. Organisations must address the benefits and risks of enhanced data usage, while considering commercial, public and national interests.

Supply chain and third parties

Due to a significant rise in public data breaches involving multiple parties and complex supply chains, boards and executives will demand greater transparency in their digital supply chain and third party risks specific to cyber. There will continue to be increased regulation in this area, as many entities become clearer on their shared ecosystem responsibilities.