December 3, 2020

Volume X, Number 338


December 03, 2020

Subscribe to Latest Legal News and Analysis

December 02, 2020

Subscribe to Latest Legal News and Analysis

December 01, 2020

Subscribe to Latest Legal News and Analysis

Privacy Awareness Week (Data Breaches): Study Finds Majority of Australian Businesses are Ill-Equipped to Handle Cybersecurity Incidents

It’s Privacy Awareness Week and today’s topic is “data breaches”. With data breaches and responding to cyber attacks becoming an inevitable part of doing business, it’s a timely reminder about the importance of adequately resourcing your IT security areas, and of having comprehensive and well-tested data breach response plans in place, as illustrated by the Fourth Annual Study on The Cyber Resilient Organization (Study), conducted by the Ponemon Institute on behalf of IBM Resilient.

The Study surveyed 3,655 IT and IT security practitioners in 11 countries and regions, including Australia. The results of the Study indicate that a majority of Australian businesses are vulnerable to cyber-attacks due to a lack of skilled personnel and incident response plans.

Some interesting results of the Study were:

  • only 22% of Australian respondents agreed that they had sufficient staffing to achieve a high level of cyber resilience (globally the figure wasn’t much higher, at 30%);
  • 79% of Australian respondents did not have a cybersecurity incident response plan (CSIRP) that applied consistently across the entire enterprise;
  • more than half of the Australian respondents who had CSIRPs said they did not test them; and
  • of the 11 countries, Australia reportedly experienced the biggest increase (70%) in the volume of cybersecurity incidents in the past 12 months, compared against 61% overall.

The Study also highlights the key characteristics of “high performing” organisations that are cyber resilient, and emphasises the need to have skilled IT personnel and consistent enterprise-wide CSIRPs.

We all see the regular occurrence of breach events – it is not like we are not well warned.  With the mandatory reporting the consequences are far more public and painful, but obviously not painful enough for Australian companies to truly tackle the problem head on.

Rebecca Gill contributed to this piece.

Copyright 2020 K & L GatesNational Law Review, Volume IX, Number 133



About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices...