Are you cyber security mature? Reducing the chance of successful attacks

18 June 2019

Do you consider your business to be cyber security mature? If a cyber incident occurred in your organisation, would you be able to detect the incident and minimise the damage? Unfortunately, for many companies the answer is no.

The average cost of a data breach is significant, standing at an estimated US$3.86 million (AUD$5.48 million), according to the Ponemon Institute's latest report in conjunction with IBM. However, the real cost of a cyber attack goes beyond money. Reputation is an essential asset for many businesses. A data breach has a huge impact on reputation, especially when an employee's or customer's personal information is compromised.

So how can you increase your cyber maturity and reduce the likelihood of a successful cyber attack on your organisation? Do you understand what it takes to be cyber security mature?

What is cyber maturity?

Today, those who have achieved a high level of maturity have moved to cyber resilience. This is measured by the ability to respond to cyber attacks quickly and effectively. With threats continually evolving, resilience should be the target outcome for your cyber programs.

To prepare your organisation and elevate your maturity, you must focus on your risks and threats and how to:

  • Identify
  • Prevent
  • Detect, and
  • Respond.

As a business, your cyber security must go beyond achieving a compliance standard.

Why is cyber maturity important?

The data from our 2018/2019 Cyber Security Survey shows that the most recent attacks have shifted from ransomware to data breaches, highlighting the financial motivations and inherent value of data. While most businesses have a good understanding of traditional cyber threats, many have much lower insight into more contemporary risks.

Even with the shift to financially motivated attacks, this doesn't necessarily mean attacks are going to be directly on your bank account - one in four data breaches facilitated identity theft. Any personal information that you hold can be sold and leveraged for criminal activity, and therefore holds value. As a result, any organisation that holds personal information about clients can be a target for criminal activity. Even if your business does not have direct financial risks, cyber criminals still have a motive to attack.

Last year, the Notifiable Data Breaches scheme and the General Data Protection Regulation came into force, which makes it compulsory for eligible organisations to notify both the relevant governing body and their customers of a data breach. The chance of your customers discovering a breach is therefore much higher, as is the likelihood that your business will suffer reputational damage as a result.

Put simply, it is crucial that all organisations holding any personal information ensure they have a good level of cyber maturity.

How to increase your organisation's cyber maturity

It is important to take a risk-based approach when tackling cyber maturity. The whole organisation must have a good understanding of the risks it faces, starting at the board level and reaching right down to front-line staff. To do this, businesses should focus on culture by educating their people on the nature of cyber attacks, how they can support the cyber resilience of the organisation, and how they can help prevent threats as individuals.

When it comes to data, too many organisations have information sitting in unstructured formats. They may not know exactly what data they hold or where it is, and often treat each piece of information in the same way, regardless of its level of importance. It is essential that businesses improve their understanding of what data they have access to - this is something that financial institutions do very well, as they hold highly sensitive information, and therefore tend to be more cyber mature.

Cyber maturity isn't just about education, however. A holistic approach should involve investments in technology and awareness. Investment levels should be aligned to your risk position, and options such as cyber insurance should be reviewed to treat your residual risk position. Individual investments will vary according to organisational needs, but they should focus on creating a risk-based approach and education.

Improve your cyber maturity with BDO

There are many facets of cyber maturity. The whole organisation needs to have an understanding of the risks the business faces, and this is something that the Australian Institute of Company Directors has highlighted as a weakness for boards moving forward. When you work with BDO, we'll help you understand the risks your organisation faces as well as which digital solutions will meet your strategic and compliance needs. Contact us today for more information on how we can help make your business cyber mature.