The average cost of a data breach per Australian organisation is almost $2.6 million per year – and rising.
In its Cyber security – Empowering the CIO handbook, Deloitte provides practical insights into the evolving role of the Chief Information Officer (CIO) in managing cyber security threats and solutions.
It also offers advice on how organisations can transform redundant cyber security approaches into effective ongoing security solutions.
Case studies from Distribute.IT (a start-up internet-related business) demonstrate how hackers can destroy a business overnight, and global health care provider Johnson & Johnson provides simple steps to developing an organisation’s people and culture security program.
Deloitte cyber risk services lead partner, Tommy Viljoen, said security needed to be top of mind and companies needed to work on the basis of having already been attacked.
“In Australia there have been over 20,000 breached records over five years to 2014 – compared to just over 29,000 in the United States – so businesses need to invest in security and work with the support of strong IT teams, and external resources, to operate more effectively and securely in our digital world,” he said.
“The ‘always-on’ nature of the internet means costs associated with breaches are likely to continue to rise each year, so it is critical that organisations ensure the basics are right around their cyber security effectiveness,” Viljoen said.
He said the handbook revealed details of 10 assertions which are mistaken for evidence of adequate security in an organisation.
“We need business leaders to actually ask hard questions about cyber security to ensure they are sufficiently informed on the state of cyber security within an organisation,” he said.
Deloitte Technology Agenda managing partner, Robert Hillard, believes the role of the CIO is now to deliver ongoing updates to the executive and board that provide insights into an organisation’s cyber security maturity, capability and improvements, incidents, responses and emerging issues.
“The CIO role is to emphasise that cyber security is not just about complying with regulation and investing in technology. It’s about protecting the business and securing its intellectual property and sensitive information,” he said.