Minimising impacts: More work required to boost cyber resilience

12 June 2019

Leon Fouche, National Leader, Cyber Security

Over the past few years, we have seen an increased focus on cyber security awareness and security investments. This increase in awareness has translated into organisations committing more resources to preventing security risks and attacks, with only limited investment going towards incident response.

The 2018/2019 BDO and AusCERT Cyber Security Survey Report shows that improving a business' ability to respond to a cyber incident is crucial to its success, especially in today’s world where cyber threats, according to the World Economic Forum’s annual risk report, are considered as much of a hazard as natural disasters or climate change.

IT security budgets increase for third year in a row

This year's report found that by 2020, 85 per cent of respondents plan to implement regular cyber security risk assessments, while 86 per cent expect to have a cyber security awareness program in place. This demonstrates that when the Board is actively involved in cyber risk management and understands the cyber risk landscape, it's willing to assign the required resources to address it. Therefore, it comes as no surprise that IT security budgets have increased for the third year in a row (helped by the additional compliance requirements of the General Data Protection Regulation and Notifiable Data Breaches scheme).

Even with the increased investment in cyber security, one third of respondents still experienced an incident in 2018 - highlighting that attacks are a fact of life for businesses in any industry.

Minimising the impact of cyber incidents through response plans

To become cyber resilient, organisations need to invest more resources into planning and preparing for an attack. The focus areas should include the development of data breach and cyber incident response plans and the adoption of cyber insurance. These controls can afford organisations the opportunity to minimise the impact of breaches, while ensuring rapid investigation can occur.

The 2018/2019 report found that organisations with a cyber incident response plan and capability were able to detect and respond more effectively to data breach incidents than those without plans. It also found that those with incident response plans and preparations are reporting more data breaches than those without because of their improved capability to detect the incidents.

The survey also found that organisations with cyber plans and preparations in place experienced reduced incident impacts. These include:

  • Less disruption and system downtime
  • Shorter incident durations
  • Minimised reputational damage.

To effectively respond to incidents and reduce their impact and damage, organisations need to be proactively establishing, rehearsing and optimising incident response plans and capabilities.
