Failing to understand and mitigate cyber risk can damage your reputation, give rise to legal liabilities and breaches of privacy, increase costs and have other material adverse effects. With opportunities and multiple access points available for attack, the best approach to cyber risk is to always assume that your digital assets are in a constant state of attack.
To combat cyber risk, you need to assume that you are a target, even if you don’t know who is targeting you or for what reason. Don’t get stuck in reactive mode. Focus on what can be done proactively to manage the problem before it occurs. While you rely heavily on information technology to conduct your business, this is not just an IT issue.
The identification, assessment, management, reporting and monitoring of cyber risks should not be treated differently to any other risks. To proactively understand and manage your cyber risk exposure, the following approach is recommended:
- Include cyber risk in your risk profiling and reporting tools
- Ensure appropriate and tested information technology and systems controls
- Consider your workforce and human vulnerabilities to cyber risk
- Identify and appropriately manage data and information that has value to you or others, or could result in a breach of privacy obligations
- Develop a plan to respond to a cyber breach (this may form part of your business continuity plan)
- Consider cyber liability insurance
For more information please contact the risk and governance services team on 08 9483 8888.