Add vigilance and resilience to the preparedness equation
Deloitte’s new handbook provides a high-level guide to thinking about and dealing with today’s cyber threats
19 November 2014: The average cost of a data breach per Australian organisation is almost *$2.6 million per year – and rising – according to global research.
In its Cyber security – Empowering the CIO handbook, Deloitte provides practical insights into the evolving role of the Chief Information Officer (CIO) in managing cyber security threats and solutions. It also offers advice on how organisations can transform redundant cyber security approaches into effective ongoing security solutions.
Case studies from Distribute.IT (a start-up internet-related business) demonstrate how hackers can destroy a business overnight, and global health care provider Johnson & Johnson provides simple steps to developing an organisation’s people and culture security program.
Deloitte Cyber Risk Services lead partner Tommy Viljoen said: “In our digital world, security needs to be top of mind and we need to work on the basis of having already been attacked and being prepared for attacks to happen again.
“In Australia there have been over *20,000 breached records over five years to 2014 – compared to just over 29,000 in the United States – so businesses need to invest in security and work with the support of strong IT teams, and external resources, to operate more effectively and securely in our digital world.”
[Charts: “The global average number of breached records, in US$ per market” and “The average global cost of data breach per organisation, in US$”. * Data not available for FY 2013]
The above graph shows that the average global cost of data breaches per organisation in Australia has increased almost three per cent in just one year.
“The ‘always-on’ nature of the internet means costs associated with breaches are likely to continue to rise each year, so it is critical that organisations ensure the basics are right around their cyber security effectiveness,” Viljoen said.
Other key handbook insights include:
- Today’s CIO needs to be the facilitator, and work closely with their organisation’s executives and board members given the complexity of cyber security
- Understanding the enemy and their cyber-crime motivation will help CIOs educate business leaders and other stakeholders
- The impact of a cyber breach can have extensive repercussions, from brand damage and loss of revenue, to decreased share prices and increased regulatory scrutiny
- Focusing too closely on IT alone can prevent businesses from seeing the bigger picture of effective cyber security, resulting in unauthorised data loss or exposure.
“Our handbook details 10 assertions which are mistaken as evidence of adequate security in an organisation. We need business leaders to actually ask hard questions about cyber security to ensure they are sufficiently informed on the state of cyber security within an organisation,” said Mr Viljoen.
Deloitte Technology Agenda Managing Partner Robert Hillard believes the role of the CIO is now to deliver ongoing updates to the executive and board that provide insights into an organisation’s cyber security maturity, capability and improvements, incidents, responses and emerging issues.
“The CIO role is to emphasise that cyber security is not just about complying with regulation and investing in technology. It’s about protecting the business and securing its intellectual property and sensitive information,” he said.
Deloitte recently launched a global Centre for Crisis Management to help clients prepare for, respond to and recover from growing threats, led by Graeme Newton, former CEO of the world-renowned Queensland Reconstruction Authority. Mr Newton will lead the Australian crisis management business and set up the Australian and South East Asian arm of the Deloitte Centre for Excellence for Crisis Management, which will deliver a high-level capability for crisis readiness.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.
About Deloitte Australia
In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms, and winner of both the Australian Financial Review/CFO Audit Firm of the Year and Accounting Firm of the Year awards 2013, Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 6,000 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. For more information, please visit Deloitte’s web site at www.deloitte.com.au.
© 2014 Deloitte Touche Tohmatsu