News

Cyber Security: It’s every Australian businesses’ responsibility to protect our data. So, why hasn’t this happened?

If the past year brought out a new flavour, it would taste a lot like lack-of-security frustration, mixed with a solid dose of cyber vulnerability and a dash of data exposure.

March 8, 2023

Alex Avery, Pierre Du Preez and Brett Earle

If the past year brought out a new flavour, it would taste a lot like lack-of-security frustration, mixed with a solid dose of cyber vulnerability and a dash of data exposure, says Alex Avery, Notitia Managing Director and Founder.

"We’ve seen large-scale cyber threats and the consequences of poor cyber security, against the backdrop of a growing digital economy," he says.

"It brought the realisation that we, as a nation, don’t do enough to protect data (particularly customer and patient data) and the clock is ticking."

In the last few months we’ve seen a rush of action towards establishing a united front to defend our Australian shores from cybercrime.

Last week, Prime Minister Anthony Albanese appointed a National Coordinator for Cyber Security, announced at the Cyber Security Roundtable, as part of the under progress 2023 - 2030 Australian Cyber Security Strategy.

The Privacy Act Review Report, had been released a few weeks prior, containing 116 proposals to strengthen and modernise the act, with feedback open to the public until March 31.

In December, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 increased the maximum penalties for serious privacy breaches to (the greater of): $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of an entity’s adjusted turnover in the relevant period.

Historical lack of investment in cyber security

Cyber security has been a critical part of data strategy and data governance for decades.

What has not happened in this time, however, is the critical level of investment and maturity required, across all businesses and institutions, for it to be successful as a frontline defence, says Lisa.

"Largely, Australian cyber security policy has relied on businesses to take ownership and responsibility of their own data security."

What are some of the reasons why this hasn’t been successful?

  • Ambiguous cyber security policy framework around obligations and best practices has not given clear direction to businesses.
  • Knowledge gaps in small business and the misconception that an organisation or business isn’t an attractive target or has valuable data - when it’s estimated that small businesses are the target for 43% of attacks. (need reference link)
  • Prior to December 2022, there has not been enough penalties in place to act as a deterrent, such as the European Union’s General Data Protection Regulation (GDPR).
  • Overall, a lack of (or ineffective) cyber security awareness and education campaigns targeted at Australian businesses, during the critical stages of their growth and maturity.
  • Targeted education campaigns to position businesses to understand the reactive cost and risks should an attack happen vs the cost of implementing a proactive cyber security plan
  • Data strategy maturity. Not having the right plan in place that has been industry-proofed by experts from in and outside of the business.

Cyber Security isn't just about the "technical stuff". In fact, much of the work is led as part of data strategy and data governance, via a company-wide approach.

Dealing with cyber risks is listed in the top #3 of key challenges that Australian business leaders will face this year, according to a KPMG report released in January.

KPMG Australia surveyed a mix of C-Suite executives and board members from private sector enterprises and senior public sector executives, with 473 responses.

40% of total respondents said that "dealing with cyber risks" was in their Top 5 challenges this year.

But how many business leaders are positioned in 2023 to executive a company-wide approach to data privacy and security?

Read these articles, for more cyber security insights:

➡ We read the 2023-2030 Australian Cyber Security Strategy, so you don't have to.

Let's take a look at best practice.

>Questions about how we can help? Book a meeting.

About Alex Avery, Notitia Managing Director + Founder

Alex Avery Notitia's managing director headshot

Alex Avery, Notitia Founder and Managing Director, heads our operations in Melbourne to provide data analytics and digital transformation services to more than 60 clients across Australia.

He is highly regarded for his ability to quickly analyse complex operational scenarios and provide workable solutions to achieve business objectives. This, along with considerable experience in the management of technical and business teams across both project environments and "business as usual" is the reason why most clients have come via word of mouth.

Having spent close to a decade working across Australian and global startups, Big 4 consulting and academia, Alex launched Notitia in 2019, which has since skyrocketed in growth.

Today, Alex leads his expanding team across data + analytics, design + development + strategy to help Australian clients solve their data challenges.

He sees technology as an enabler and partners with the biggest vendors to utilise best of breed software.

With the right technology and expertise, Alex says that problems of any size can be solved through valuable insights from accurate data.

Book a chat with Alex to find out how he can solve your data challenge.

Notitia's Data Quality Cake recipe