Data-hungry businesses must be alert to the risks of collecting and storing large volumes of data with cyber attacks on the rise, according to Pitcher Partners.
Sydney partner Adam Irwin said the firm’s Business Radar report revealed many organisations were torn between the appeal and advantage of accumulating data and the responsibility of handling it.
“Data is a highly valuable commodity in today’s business landscape, where everyone is striving to deliver an ever more personalised service to clients and customers,” said Mr Irwin.
“But data is also prized by threat actors and cyber criminals, and if the worst was to occur, many organisations would not be able to explain to regulators why they needed to hold that data or demonstrate that it was securely stored.”
“If there is a concern people will break into your house, you don’t keep highly valuable items that don’t need to be there. There is no doubt that holding large volumes of data, particularly that they don’t need, is risky.”
The survey found 60 per cent of respondents thought their organisation had a strong cybersecurity culture but there was little consensus about who within a business was accountable for it.
Most respondents – 54 per cent – named the IT team as responsible for cyber security with almost half of those firms outsourcing services as a way of removing risk. Another 31 per cent said executive leadership took responsibility for cybersecurity while just 16 per cent said directors were responsible.
“Ultimately, if a breach happens it is your business’s reputation on the line and your bottom line will be impacted by any disruption to your business operations, remediation cost or defence of legal challenges,” said Mr Irwin.
“According to a report by the Office of the Australian Information Commissioner, notifiable data breaches are on the rise, up 26 per cent in the six months to December 2022, and 88 per cent of them involved contact and identity business information.”
Pitcher Partners said the report found just under half of businesses were concerned about cyber attacks, with most believing their firm was not an attractive target and that hackers would focus on larger organisations.
“There is still a prevailing feeling among many businesses that a cyber attack or data breach will not happen to them, that attacks are focused on the big end of town,” said Mr Irwin.
“Mid-market businesses may feel bullish that larger organisations are more attractive for cyber criminals after recent high profile cyber incidents, but the reality is much different.”
“Every business holds that sort of information and smaller organisations are often less well protected and therefore easier targets, as well as a way to access the bigger businesses they supply.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.