Why you should benchmark your organisation
There are many obvious reasons for determining the cyber maturity of your organisation. One of the clearest is that it will assist with compliance with regulations such as the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) and the General Data Protection Regulation (GDPR). It’s important to note that non-compliance brings a greater risk of significant financial fines and reputational damage associated with a data breach.
Looking beyond the ‘mandatory’ is where the true value resides. Instilling proactivity and transparency in your organisation’s cyber security preparedness and response is the best way to protect against and recover from any cyber attack.
The first step is knowing where your organisation is now on its maturity journey. Knowing how it compares to peers and assessing its strength against the attack types and sources its peers are reporting is also vital.
While the traditional costs of an information security incident have been difficult to quantify, the costs of a data breach, both direct and intangible, now often outweigh the cost of mitigating it.
Add to this the increase in public awareness of information security and it has become evident that wider reputational impacts from a data breach can lead to heavier (and more difficult to quantify) costs. Put simply, you cannot insure against reputational damage. It’s a long, hard road back, no matter the size of your organisation.
The Children’s Hospital Foundation (CHF) Board showed interest in BDO’s Cyber Security services after receiving the annual BDO and AusCERT Cyber Security Survey as a benchmarking activity. The survey was presented to the Finance, Audit and Risk Committee, who agreed to engage with BDO, as the process of completing the survey highlighted a range of internal questions and enquiries.