Insight

The importance of cyber security in family business

By:
Addison Li
insight featured image

According to Family Business Australia’s 2021 Survey, 63 per cent of all Australian family businesses were committed to transforming their data capture, technology and cyber security systems within the next 10 years - the second highest area of importance under the survey’s scope.

 

However, only 11 per cent of the same participants considered cyber security a threat to their continued business health over the same period. With the recent string of high-profile cyber security issues seen in the media, this number may be markedly different if the survey was conducted again.

Family businesses are some of the most commonly targeted entities for cyber criminals

You may think that your business is too small to target – too insignificant to warrant the attention of the widely publicised cyber-criminal groups that chase multimillion dollar ransoms. In reality, a large number of criminal groups exist around the world, exploiting the entire spectrum of online activity – ranging from individual social media accounts to sovereign nations – and family groups do not get a free pass. In fact, they make enticing targets for malicious actors due to a range of factors:

• Poor understanding of and investment in cyber security.

• Escalating usage of digital infrastructure due to increasing work-from-home operations.

• Owners may be more willing to meet criminal demands to restore business operations or maintain personal/social reputation.

• Personal information of key staff or family members being more readily accessible through social media or other online channels.

The Australian government has significantly increased the penalty for repeated or serious cybersecurity breaches in the wake of recent events. Companies are now potentially threatened with fines consisting of the greater of:

• 50 million dollars (AUD).

• Three times the value of any benefit obtained through the misuse of information.

• 30 per cent of a company’s adjusted turnover in the relevant period.

As a result, the consequences of a cyber security incident on a family business may be significant, especially considering most do not have the human or financial resources to mitigate the potential reputational, legal and financial repercussions that may result.

A 2019 survey conducted by the Australian Cyber Security Centre (ACSC) found almost 50 per cent of small to medium enterprises (SMEs) reported spending less than $500 on cyber security each year – yet 62 per cent of respondents had suffered a cyber security incident. So how can you be confident in your cyber security?

Improving your cyber security maturity

Unfortunately, the smaller size of family businesses means any compromise of your digital infrastructure may be exponentially more difficult to recover from. Therefore, it is critical your business recognises the need to invest in cyber security tools and frameworks appropriate to the size and sophistication of its processes.

Regardless of your industry, size or turnover, it’s important to recognise the specific risks relevant to your business and implement potential controls to deal with them that are effective yet aren’t a burden on your staff or budget. The ACSC’s Essential Eight Cyber Security Guidelines is pragmatic and cost-effective. It is a high impact exercise for any organisation designed to quickly improve businesses’ ability to prevent, detect and respond to cyber security breaches. This would be the best place to start.

What action should your family business take?

• Recognise the specific risks relevant to your business and implement potential controls - consider items such as payments, online presence, mobility and age of systems.

• Invest in cyber security tools and frameworks appropriate to the size and sophistication - the Essential 8 is a great starting point.

• Conduct a data audit to ensure you are not collecting and storing personal and sensitive information that you perhaps don’t need in the first place or shouldn’t retain.

• Build awareness because cyber is as much cultural as it is technical. Invest in monthly cyber training for your team members.

• Test your systems and processes to find vulnerabilities and implement fixes as required.

How we can help

Please contact your Grant Thornton representative if you wish to discuss what cyber security services are right for your family business.