Alec Christie

DLA Piper and Aon Australia, a business of Aon plc, have partnered to host a Network Security & Privacy (NSP) Symposium in response to growing concerns over cyber-risk and the potential jurisdictional and liability issues faced by Australian corporates who find themselves victim to cyber-attack or data breaches.

The series of events take place in Sydney, Brisbane and Melbourne on 2, 3 and 4 September respectively.

According to US-based Kevin Kalinich, Aon’s Global Practice Leader – Cyber & Network Security Risks, many organisations fail to realise the true impact of an NSP-related issue, both from a reputational and a financial perspective.

“Most high profile cyber and network security risk-related stories in the media concern data breaches that affect individuals on a personal level such as credit card numbers, medical records and banking details. However, loss of corporate data, including intellectual property, commercially sensitive client data and proprietary information, or the event of such material landing in the hands of a competitor or extortionist can pose potentially catastrophic risks to entire businesses.”

He sounded a stark warning to executives who take a “head-in-the-sand” approach or consider NSP as an IT or technical issue.

“To date, the issue of NSP has been seen as “IT’s problem” or something for the “techies” to worry about but this is a mistaken view that has long had its day. Board, directorial and other governance-related responsibilities land the issue of NSP squarely at the feet of an organisation’s senior executive,” said Mr Kalinich. “A major failure of NSP will land not with the IT department but with the Board, CEO and other executives – who are ultimately answerable both to Corporations Law and the vote of shareholders. Organisations in Australia are generally ill-prepared from a risk management perspective when it comes to NSP-related issues and they just can’t afford to be,” said Mr Kalinich

Sydney-based DLA Piper partner, Alec Christie, says: “Despite a company’s best endeavours, data breaches are more a question of when and how, rather than if. Cyber-attacks (including theft, fraud, sabotage, espionage and hacking) are becoming increasingly prevalent and sophisticated. But it’s still the case that the most basic security can prevent over 60 percent of the current type of cyber-attacks.

“While Australian corporations are known the world over to be early adopters of technology and the online business model, our ability to properly deal with data breaches has fallen behind. Now with the new Australian Privacy Principles (APPs) coming into effect, organisations have clear security and privacy obligations and a failure to meet those obligations will expose them to fines of up to AU$1.7 million, on top of any costs flowing from the data breach.”

In 2010 and 2011, 2.95 million cyber-attacks were detected in Australia, resulting in losses of up to AU$595 million.

The top five tips for companies to reduce the risk of cyber-attack/data breaches and mitigate potential liability are:

1. Understand your unique exposure (and what and where your “Crown Jewels” are)
2. Understand your potential legal liabilities
3. Make it a Board, Management and company-wide issue
4. Have a trained response team and Board approved strategies in place before a data breach/cyber-attack
5. Constantly review and update your risk management policies to ensure they are comprehensive and tailored for your organisation.

The post Australian companies behind the curve on cyber and network security, expert panel warns appeared first on AdviserVoice.