Article:

Cyber Security is not just an IT Problem – How to adequately assess your cyber security strategy.

28 November 2016

Michael Cassidy, National Leader, Forensic Services

Cyber security is of growing importance for organisations around the globe and, despite popular belief, is no longer just an IT problem. More recently we have seen an increase in the prevalence of cyber security issues in Australia, stemming not only from external threats but also from internal exposures. From the denial of service attacks on the Australian Government Census site to the accidental release of half a million blood donors’ details from Red Cross’ database, it seems no organisation is immune.

So how can your organisation protect itself from cyber threats and exposure?

Having an appropriate cyber security strategy is paramount to keeping your organisation safe.

As previously mentioned, the threats facing organisations are both internal and external and are constantly changing in volume, variety and sophistication. As such, your organisation’s cyber security strategy needs to be adaptable and to evolve in line with current and new threats, so that you remain protected from potential breaches.

Regularly reviewing your cyber security strategy is therefore of vital importance. But what, exactly, does your organisation need to consider when formulating or reassessing its cyber security strategy?

We suggest you ask yourself the following questions:

  • Have we identified all risks facing our business both internally and externally?
  • Do we have measures in place to mitigate and manage these risks?
  • Do we have plans, resources and capabilities to Identify, Detect, Respond and Recover when our risks become a reality?
  • Are Management and the Board aware and informed about cyber risk exposure?
  • What would be the impact on our business should a cyber incident occur and how do we respond?
  • Who would benefit from having access to our information, and why?
  • What do we need to do to be more secure against potential threats?
  • Do we have a security-conscious culture and behaviours in our business?

Failing to give adequate consideration to the above can mean real consequences and costs for your business, including costs associated with disruption of services, fraud, lost revenue, reputational damage and legal proceedings.

How can we help?

We can help you achieve cyber resilience by providing tailored cyber security services, focusing on your specific operating model, technical demands, regulatory environment and industry dynamics.

We can help you understand your cyber risks and implement cyber resilience strategies to minimise the impact of a cyber-attack on your business. Our cyber security professionals have a diverse range of backgrounds including IT, operations, data privacy and forensic technology. 

Alternatively, if this article has raised immediate concerns, please do not hesitate to contact me.

This article has been carefully prepared, but has been written in general terms and should be seen as broad guidance only. The article cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact the BDO member firms in Australia to discuss these matters in the context of your particular circumstances. BDO (Australia) Limited and each BDO member firm in Australia, their partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this publication or for any decision based on it.