It is responsible for killing 60 per cent of businesses it affects, but a surprisingly large proportion of owners are clueless about their company’s defences against this threat.
Cyber security is not just an IT risk but an enterprise risk, one which threatens to destroy a business if poorly handled, according to Monica Schlesinger, principal at Advisory Boards Group International and board member of a number of health and business organisations.
Speaking at a recent cyber security roundtable, Monica said a staggering 60 per cent of businesses that are the victims of a major cyber attack go out of business within six months, and overall business losses as a result of cyber breaches in Australia were estimated at $17 billion in 2016 alone.
To put the growth of cyber crime into perspective, this cost was estimated at a comparatively small $1 billion in 2013.
According to Monica, a sample survey of company board members conducted by the Ponemon Institute found that 87 per cent had little or no idea about their company’s cyber security experience.
She suggested that business owners become much more actively involved in their data protection processes and strategies, and provided the following checklist of questions to ask relevant employees and stakeholders:
- Where does our data reside?
- Do we have a third-party HR policy?
- Do we have a contract clause with our third parties?
- What is our cyber security framework?
- What are our top five risks? (e.g. employees bringing their own devices to work, cloud-based data)
- Do we have an education program at all levels of the business?
- How do we deal with crisis management in a cyber breach scenario?
- What is our data breach response plan?
- Whom do we notify of a breach?