
13 February 2017

The State of Data Security in 2017

Information security management system

 

In 2016, cyber security took on an increasingly prominent role in the headlines, with frequent data breaches taking place in major institutions, both public and private. 2017 will continue along similar lines, with cyber-attacks set to increase in prevalence and sophistication. In the coming year, businesses of all sizes must adequately prepare to ensure that they have the flexibility to withstand information security threats.

 

The Impact of Data Breaches on Australian Businesses

Business owners often underestimate the prevalence of data breaches and their potential impact on the bottom line. According to Telstra’s 2016 Cybersecurity Report, 23% of Australian organisations detected a business-interrupting security breach during an average month.

Not only are security breaches more common than most business owners think, but they also have a much greater impact on business than owners realise. Almost a third of small and medium enterprises think that an information breach would not have a serious impact on their business. In reality, these data breaches are extremely costly to a business's bottom line. IBM’s 2016 global study into the costs of data breaches found that the average total cost of a data breach was $2.64 million USD. The study breaks down this value to show that data breaches cost companies an average of $142 USD per compromised record.

Data breaches pose a serious threat to Australian businesses, and yet 29% of small and medium enterprise managers said they either never trained staff on information security policies or didn’t even have policies in place. 

Given the weight and frequency of these data breaches, an understanding of the causes of these breaches is paramount for businesses wanting to protect themselves.

 

Data Breaches Caused by Human Error

Although they may not feature in the headlines as frequently as malicious cyber attacks, data breaches caused by human error have been identified as the top security threat for Australian businesses.

 

 

In October 2016, the Australian branch of the Red Cross Blood Service announced that 1.28 million donor records containing confidential health information had been leaked in what has since been described as Australia’s largest security breach. Shelly Park, the chief executive of the Red Cross Blood Service, confirmed that this information was released due to human error after the data was placed on an unsecured computer environment and accessed by an unauthorised person.

Although a hostile attacker did not cause this breach, the consequences were extremely severe and could have been avoided with proper security management and planning, such as the implementation of the information security management standard, ISO 27001.

 

Data Breaches Caused by a Malicious Attacker

The IBM report found that data breaches caused by malicious or criminal attack made up 48% of all attacks last year. These attacks actually prove to be significantly more costly to resolve, compared to those caused by system glitches and human error or negligence.

In January of this year, an Australian business experienced a potentially costly data breach, which hit headlines due to how easily it occurred. Showpo, an online fashion retailer, is suing a former staff member for allegedly stealing its entire customer database and giving this information to a competitor. The breach has exposed several potential flaws in the company’s data security management that may have been prevented by effective information security management systems. Had the company been compliant with the international standard ISO 27001, it is unlikely that a breach of this nature would have been possible.

 

 

 

These data breaches reveal the importance of managing risks with information security systems, since attacks will most certainly impact the profits and reputation of a business.

To speak with a Compliance Council compliance consultant about your certification to the ISO 27001 standard, get in touch with us today.

 

 
