article banner
Press Release

Cyber risk is indiscriminate: Census cyber-attack, a lesson for mid-size business

We’ve seen businesses leverage technology to disrupt markets and fuel business growth, but looking within to safeguard from cyber-attacks is a different story.

Outdated systems and lack of technology planning seems to be the status quo, leaving some mid-size businesses overly exposed to cyber risk.

Without deep pockets to fund state-of-the-art technology and a myriad of options; mid-size businesses often opt to put off implementing a tech strategy.

“Cyber risk is indiscriminate, even larger well-resourced institutions are vulnerable to attack. This week’s Census cyber-attack serves as a timely reminder for Australian mid-size businesses as to the importance of technology planning.”

“Finding a place to start among countless tech planning options can be overwhelming. Consider as a starting option, a focus on managing three key risks; third party, corporate governance and reputation,” said Matthew Green, Technology Advisory Partner, Grant Thornton Australia.

Failing to plan – plan to fail: 3 important risks to manage through technology planning:

  1. Third Party Risk: External providers are critical to business operations, which means their operating standards should be considered in business security planning to minimise the risk of their operations exposing the business to security breaches or cybercrime.

    “Selecting the right providers and detailing the right scope involves asking questions around the operating standards of the potential third party supplier. It is critically important to ask questions to uncover differences which can be addressed to minimise potential exposure within your own business practice,” said Mr Green.

  2. Corporate Governance Risk: Technology development has shifted all businesses (willing or unwillingly) to operate in a global environment. Tech security planning is no longer confined to the walls of the CIO’s office.

    The mass impact cybercrime has on a business places director accountability front and centre. Tech security should be a standing agenda item at board level. It’s vital board directors are taking an active interest in managing risk in this area. Given the rapid changes in technology, boards should be insisting on regular reports when it comes to cyber security planning for the business,” said Mr Green.

  3. Operational & Reputational Risk: How the business responds to a crisis influences confidence in the business’ ability to keep customers’ data secure.

    “Response plans are crucial in today’s operating environment. The need to be prepared for the inevitable and unknown, to be capable to defend and to have a response plan in place is critical. A clear response plan supported by clear and consistent messages to stakeholders will make the world of difference to long term business reputation and operational sustainability,” said Mr Green.

For a practical guide on how mid-size businesses can be cyber secure, click here to find out more.

- ends -

For more information please contact:

Helina Lilley
National Public Relations Manager
M  0437 725 520
E helina.lilley@au.gt.com