January 27, 2020

January 24, 2020

Subscribe to Latest Legal News and Analysis

Privacy Awareness Week (Data Breaches): Study Finds Majority of Australian Businesses are Ill-Equipped to Handle Cybersecurity Incidents

It’s Privacy Awareness Week and today’s topic is “data breaches”. With data breaches and responding to cyber attacks becoming an inevitable part of doing business, it’s a timely reminder about the importance of adequately resourcing your IT security areas, and of having comprehensive and well-tested data breach response plans in place, as illustrated by the Fourth Annual Study on The Cyber Resilient Organization (Study), conducted by the Ponemon Institute on behalf of IBM Resilient.

The Study surveyed 3,655 IT and IT security practitioners in 11 countries and regions, including Australia. The results of the Study indicate that a majority of Australian businesses are vulnerable to cyber-attacks due to a lack of skilled personnel and incident response plans.

Some interesting results of the Study were:

  • only 22% of Australian respondents agreed that they had sufficient staffing to achieve a high level of cyber resilience (globally the figure wasn’t much higher, at 30%);
  • 79% of Australian respondents did not have a cybersecurity incident response plan (CSIRP) that applied consistently across the entire enterprise;
  • more than half of the Australian respondents who had CSIRPs said they did not test them; and
  • of the 11 countries, Australia reportedly experienced the biggest increase (70%) in the volume of cybersecurity incidents in the past 12 months, compared against 61% overall.

The Study also highlights the key characteristics of “high performing” organisations that are cyber resilient, and emphasises the need to have skilled IT personnel and consistent enterprise-wide CSIRPs.

We all see the regular occurrence of breach events – it is not like we are not well warned.  With the mandatory reporting the consequences are far more public and painful, but obviously not painful enough for Australian companies to truly tackle the problem head on.

Rebecca Gill contributed to this piece.

Copyright 2020 K & L Gates


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Rob Pulham, KL Gates, Corporate technology requirements lawyer, contracts drafting attorney
Senior Associate

Mr. Pulham is a corporate and commercial lawyer. His practice includes advising clients in managing their technology requirements and contracts (including drafting, review and negotiation of contracts for the provision of technology products and services), providing advice regarding privacy, data protection and copyright law, marketing and advertising, website content and general commercial intellectual property advice.

Mr. Pulham's experience includes having worked for leading technology suppliers, large Australian financial institutions, and food and beverage manufacturers, as well as Australian and Victorian government agencies.