The ASX and ASIC have this week launched a new cyber health check for Australia’s top 100 listed companies. The voluntary survey, an initiative promised in the government’s $230 million Cyber Security Strategy announced earlier this year, aims to improve the cyber security defences of Australia’s largest companies.
The 2016 Cyber Health Check explains that the intent of the survey is to raise awareness of cybersecurity at the board level and share best practice approaches. This is to ensure that boards are more informed as they assess their own security capabilities and plans.
Participants in the survey will be asked to respond to a series of multiple choice questions that will determine if they have a clear understanding of their company’s data, and whether they receive high-level intelligence from their CIO.
ASX group executive Amanda Harkness said the sharing of best practice approaches was critical to businesses.
“Increased awareness and engagement by directors of listed companies are important steps in building the cyber resilience of Australian businesses,” she said.
“The better informed boards become, the more effectively they can assess their cybersecurity risks and opportunities, identifying areas where improvement is required.”
In June this year IBM and Ponemon Institute released the 2016 Cost of Data Breach Study and found that the average total cost of a data breach paid by a company is $2.64 million. Over the years IBM has found that the cost of data breaches has not fluctuated significantly, meaning advances in cybersecurity technology have yet to have a great impact on loss of data and business.
Last year Kmart recorded one of Australia’s largest data breaches, which saw customer data stolen by external hackers. Customer names, addresses, phone numbers and product purchase details were stolen in the attack; however, Kmart confirmed that no credit card details had been compromised.
In response to the number and scale of security breaches around Australia, in April this year the federal government launched a new Cyber Security Strategy. The strategy set out a total of 33 initiatives, one being the Cyber Health Check survey, to help anticipate and respond to cybersecurity threats. The government worked with professional service firms like KPMG, EY, PwC, Deloitte and CERT Australia to develop the survey; a similar initiative has already taken place in the UK.
Alongside the survey, the government has also introduced a bill to put forward mandatory data breach notification rules, meaning companies that have been breached will need to report the incident and notify customers that have been directly affected. A company that fails to do this will face fines of up to $1.8 million.
Earlier this year Turnbull explained that the strategy would set out the government’s philosophy and program for meeting the dual challenges of the digital age: advancing and protecting Australian interests online.
“We do not view our security and online freedoms as mutually exclusive. To the contrary, they reinforce each other. A secure cyberspace provides trust and confidence for individuals, business and the public sector to share ideas and information and to innovate online,” he said.
Image: Cyber hand. Source: CIO.