Executive summary
Solid cyber security is one of those things SME owners and startup founders
realise is important but often struggle to get around to focusing on. Unfortunately,
cybercriminals don’t make any allowances for busy business owners who haven’t
had time to create a secure cyber posture. Increasingly, neither do regulators,
customers or suppliers.
Supranational groups, such as the European Union (EU), and national governments,
including Australia’s, have been tightening up laws around the collection, storage and
use of data since 2018. Businesses that suffer a successful cyber attack are now
required to notify the relevant regulator and any potentially impacted stakeholders
and may also have to pay heavy fines or penalties. In the wake of a serious data
breach, they may find their options limited if they wish to IPO, list or get acquired at
some future date.
While cyber security remains more of an art than a science, there are some basic
precautions all business owners can take. Understanding the risks they face, taking
action to mitigate those risks, and taking a proactive rather than reactive approach to
cyber security is a good start.
It’s difficult to determine exactly how cyber secure Australia’s SMEs and startups
are. Nonetheless, there appears to be a widespread consensus that there is room for
improvement, especially in industries that haven’t historically had an ethical or legal
obligation to protect their customers’ data.
Cybercrime is an enormous industry, projected to inflict US$10.5 trillion (A$15 trillion)
in damages globally by 2025. Australian regulators, lawyers, investment bankers
and cyber security experts, not to mention SME owners and startup founders
themselves, all seem to agree that while most Australian businesses have basic
cyber defences in place, in many cases these defences should be substantially
upgraded.
If they are not upgraded, those who own or oversee businesses can no longer expect
much wriggle room from regulators or courts. There are currently moves afoot to
hold directors personally liable for failing to appropriately manage cyber security
risks. And in recent times, Australian businesses have had to pay out hundreds of
thousands and sometimes millions of dollars for failing to properly use or safeguard
their customers’ data.
Fortunately, business owners only need to summon the will to improve their cyber
security rather than find the time and energy to oversee the task themselves. That
task can be outsourced to the experienced cyber security experts at RSM Australia.
Solid cyber security is one of those things SME owners and startup founders
realise is important but often struggle to get around to focusing on. Unfortunately,
cybercriminals don’t make any allowances for busy business owners who haven’t
had time to create a secure cyber posture. Increasingly, neither do regulators,
customers or suppliers.
Supranational groups, such as the European Union (EU), and national governments,
including Australia’s, have been tightening up laws around the collection, storage and
use of data since 2018. Businesses that suffer a successful cyber attack are now
required to notify the relevant regulator and any potentially impacted stakeholders
and may also have to pay heavy fines or penalties. In the wake of a serious data
breach, they may find their options limited if they wish to IPO, list or get acquired at
some future date.
While cyber security remains more of an art than a science, there are some basic
precautions all business owners can take. Understanding the risks they face, taking
action to mitigate those risks, and taking a proactive rather than reactive approach to
cyber security is a good start.
It’s difficult to determine exactly how cyber secure Australia’s SMEs and startups
are. Nonetheless, there appears to be a widespread consensus that there is room for
improvement, especially in industries that haven’t historically had an ethical or legal
obligation to protect their customers’ data.
Cybercrime is an enormous industry, projected to inflict US$10.5 trillion (A$15 trillion)
in damages globally by 2025. Australian regulators, lawyers, investment bankers
and cyber security experts, not to mention SME owners and startup founders
themselves, all seem to agree that while most Australian businesses have basic
cyber defences in place, in many cases these defences should be substantially
upgraded.
If they are not upgraded, those who own or oversee businesses can no longer expect
much wriggle room from regulators or courts. There are currently moves afoot to
hold directors personally liable for failing to appropriately manage cyber security
risks. And in recent times, Australian businesses have had to pay out hundreds of
thousands and sometimes millions of dollars for failing to properly use or safeguard
their customers’ data.
Fortunately, business owners only need to summon the will to improve their cyber
security rather than find the time and energy to oversee the task themselves. That
task can be outsourced to the experienced cyber security experts at RSM Australia.