Business interrupted: The impact of a security breach
Director of Global Security Solutions at Telstra, Neil Campbell, talks about what you need to know about the business interrupting impacts of a breach.
Neil Campbell, Director Global Security Solutions discusses these key challenges and what you can do next.
In Australia, 60 per cent of Australian organisations we surveyed for the Telstra Security Report 2018 experienced business interruption due to a security breach at least once over the past year.
As part of our research for the report, we spoke to more than 1,250 security professionals, who told us their number one challenge is the ability to quickly detect and effectively respond to incidents. On top of this, almost one in five of the Australian security professionals interviewed estimated that their organisation responded to less than 10 per cent of the incidents they experienced over the last 12 months.
This reflects the increasing difficulty in detecting sophisticated threats such as APTs, as well as the sheer volume of alerts that pose a challenge for the limited resources of security teams.
Inconsistent availability of specialist skills also hampers the ability of organisations to respond effectively to new threats. 32 per cent of respondents identified keeping staff up-to-date with the evolving security landscape as a major challenge in their organisation.
Brace for impact
As the security landscape has evolved, so have the concerns of business. Rated fourth in 2016, this year our survey found that loss of productivity is now the primary business impacting concern among Australian respondents in the event of a breach, reflecting the increasing prevalence of incidents. Lost productivity can be expensive. Organisations have to bear costs such as wages, rents, utilities, etc. while operations have been disrupted, and also face the potential loss of revenue, for example when buyers are not able to complete purchases online.
After loss of productivity, corruption of business data and loss of intellectual property are also top concerns, reflecting the increasing importance of data in decision making and operations. These impacts will take on a greater prominence going forward as data becomes a key competitive difference for more businesses.
The coming year will likely also see heightened risk of reputational damage in light of the general public’s growing concern with data privacy and the mandatory breach reporting introduced via the Notifiable Data Breaches (NBD) scheme and the EU’s General Data Protection Regulation (GDPR).
In light of these potential threats to your business, it’s more important than ever before to know your data. At Telstra, we recommend the five knows of data protection as an effective baseline to understand your position.
The five knows are:
- Know the value of your data.
- Know who has access to your data.
- Know where your data is stored.
- Know who is protecting your data.
- Know how well your data is protected.
However, it can be difficult to effectively establish the value of data and how well it’s protected when multiple stakeholders from different business units are involved. Marketing, legal, HR and IT often have conflicting priorities when it comes to data’s visibility, value and protection, which can be difficult to synergise into a holistic strategy.
Our Cyber Security Health Check is a quick way to determine where you currently stand and discover what you can do to improve the online security of your business.