Data is more valuable than it has ever been before - to both organisations and cyber criminals. While it is an asset it can also be a liability, as recent serious data breaches have clearly illustrated. It’s also an issue businesses need to better understand and tackle head on, with PwC’s recent Digital Trust Insights report indicating 90% of Australia’s C-suite viewed public information sharing and transparency around cyber incidents as a risk that could lead to a loss of competitive advantage.
The impacts of data breaches are far reaching and can include:
- Adverse media coverage, loss of shareholder confidence, consumer reluctance to share data or purchase in the future
- Customer exposure to fraud/financial harm, fear and burden of protecting themselves from the impact of breached data.
- Supply chain impacts from breaches of contract/obligations, non delivery of service level agreements and associated penalties.
- Business disruption as executives and key staff are redirected from their primary roles to to conduct investigations and deliver containment and response initiatives.
- Litigation and class action lawsuits
- Greater Regulator scrutiny and exposure to Conduct Investigations, Determinations, Enforceable Undertakings and Injunctions
Solving through five areas of focus
It’s not surprising data breach preparedness is on the minds of executives in organisations all over Australia. Organisations need to understand the key risks they are exposed to address vulnerabilities and have robust and practiced plans in place so they are ready to respond. At PwC, our community of solvers approach data breach readiness through five key areas of focus:
Identify is about understanding what data you have, where it is stored and who owns it and protects it, including third parties.
Minimise is about reducing risk with respect to the data you’re holding. Do you need to keep it all? Are you obliged to hold it as per regulation? Can you take proactive steps to minimise the impact of a potential breach by reducing that volume of data?
Secure is focused on the technical measures to keep data secure. Do you understand what vulnerabilities might exist on your external-facing systems? Are you taking preventative steps to harden your external-facing systems? Do you have the ability to detect and respond in a timely manner?
Prepare is about having the plans and procedures in place to respond in the event of a major cyber incident. Do you practise and rehearse those plans? And are you doing that holistically, engaging the entire organisation?
Govern is about ensuring appropriate governance is in place across privacy, cybersecurity and data. Do you have oversight of your operational processes? How about application development and project lifecycles?
To assist organisations assess their readiness to respond to a data breach and form a plan to address vulnerabilities, we’ve developed a Data Breach Readiness Diagnostic. It breaks the 5 areas of focus down into easy-to-understand questions to help you determine your level of data breach readiness and provide a benchmark as to how your organisation compares to others.
If you’d like to know more, please contact one of our team.
Contact us
Robert Di Pietro
Cybersecurity & Digital Trust Leader, PwC Australia
Tel: +61 418 533 346