JUMP TO
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIwMjQzMWM3OS04MTVlLTRiYjQtODE1ZS1jNjgwOTI2OWU1ZTEiLCJyb2xlIjoiQXBpVXNlciIsIm5iZiI6MTYyNDU3ODExOCwiZXhwIjoxNjI0NTc5MzE4LCJpYXQiOjE2MjQ1NzgxMTgsImlzcyI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2N5YmVyLXJpc2stdGhyZWF0LWluY3JlYXNpbmctYW5kLWEtdG9wLWdvdmVybmFuY2UtcmlzayIsImF1ZCI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2N5YmVyLXJpc2stdGhyZWF0LWluY3JlYXNpbmctYW5kLWEtdG9wLWdvdmVybmFuY2UtcmlzayJ9._8ddaZEGeLEGgiS9_2HeGNtQ_EJnxyd-nrH0Q5zOI9M
    https://www.minterellison.com/articles/cyber-risk-threat-increasing-and-a-top-governance-risk
    CLOSE
    CONTACT US Search Minter Ellison
    • Report

    Cyber risk threat increasing and a top governance risk

    4 minute read + PDF download  04.06.2021 Paul Kallenbach

    Perspectives on Cyber Risk 2021 highlights the increased action of regulators on cyber risk and how it is a key governance issue for boards and senior executives.

     

    Our report, in its 6th year, discusses key regulatory changes relating to privacy and data protection, and how ASIC and other regulators are increasing their attention and enforcement action in this area. Cyber risk is, more than ever, a priority governance issue for all boards and senior executives.

    Request download

    Key findings

    Important observations for Boards and CEOs, and C-suite executives:

    1. Testing of data breach response plans is increasing – from 34% to 55% in the last 12 months
    2. Low adoption of external cyber frameworks – this needs to improve if organisations are to better manage cyber risks
    3. Individuals remain the prime targets of bad actors – 70% of cyber incidents arise from phishing attacks
    4. 40% of survey respondents considered that cyber security risks have increased due to the shift to remote working

     

    Woe betide anyone who doesn't consider cyber risk to be a top risk for organisations and the boards that lead governance. The risk is growing and regulators are watching."Paul Kallenbach, Partner

    Regulatory changes on the horizon

    Regulatory changes relating to cyber risk, privacy and data protection are looming, and ASIC and other regulators are increasing their attention and enforcement action.

    For example, ASIC has identified 'deterrence-based enforcement action' as one of its critical cyber supervisory projects for 2021. In 2020 ASIC took its first cyber-related enforcement action against RI Advice Group, an Australian financial services licensee for failing to implement adequate policies and systems and ensure sufficient resources were deployed to manage cyber risk across its authorised representative group.

    Areas of legal exposure include claims against directors, ASX continuous disclosure rules, personal liability for directors who breach their obligations, misleading and deceptive conduct, contract claims, and (for some organisations) APRA’s prudential standards relating to outsourcing.

    According to Kallenbach, "The regulatory layers are confronting. Banks and other financial institutions, and the health and public sectors, for example, are subject to additional regulatory obligations. The Commonwealth is also flagging a significant overhaul of privacy laws to bring them closer to a GDPR standard. There is also pressure from customers, particularly for organisations that have suffered a significant data breach."

     

    If directors are not asking difficult questions on cyber risk, I can’t see how they are discharging their directors’ duties.”
    Paul Kallenbach

    Areas of focus for Boards and Executives

    Areas of focus Understand the supply chain

    Understand the supply chain

    Organisations should develop a thorough understanding of their supply chain, including their key vendors’ IT security and operational postures to mitigate against the introduction of weak links. APRA-regulated organisations must do this in order to discharge their obligations under APRA’s Prudential Standards.

    Areas of focus Build for resilience

    Build for resilience

    COVID-19 has exposed the critical importance of resilience in the procurement and operation of crucial ICT systems in helping to mitigate against events that may be outside of an organisation’s control.

    Areas of focus Keep up the regular training

    Keep up the regular training

    Most cyber incidents still result from human error. A regular program of security training and awareness is critical to addressing this.

    Areas of focus Dont go it alone

    Don't go it alone

    Organisations should consider joining an industry group or forum to share intelligence regarding cyber risk and evolving cyber threats.

    Perspectives on Cyber Risk 2021 is now available

    download

    Talk to us about how to be cyber risk prepared and how we can improve the digital and cyber literacy skills of your boards and senior teams.

    Contact

    Tags

    Education Financial services Health & ageing Infrastructure Risk, regulatory and governance consulting Technology consulting Board & governance
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiI2MDVlYjFlZC0wOTZiLTRjNTEtYWI0My03ZTZkYjk1MDYxOTQiLCJyb2xlIjoiQXBpVXNlciIsIm5iZiI6MTYyNDU3ODExOCwiZXhwIjoxNjI0NTc5MzE4LCJpYXQiOjE2MjQ1NzgxMTgsImlzcyI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2N5YmVyLXJpc2stdGhyZWF0LWluY3JlYXNpbmctYW5kLWEtdG9wLWdvdmVybmFuY2UtcmlzayIsImF1ZCI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2N5YmVyLXJpc2stdGhyZWF0LWluY3JlYXNpbmctYW5kLWEtdG9wLWdvdmVybmFuY2UtcmlzayJ9.LLz3HBBfJJmCJd4N_fjh_wmtT0iszSUkcH_6aBlvCuQ
    https://www.minterellison.com/articles/cyber-risk-threat-increasing-and-a-top-governance-risk

    Read next

    COVID-19: How can organisations respond, manage and mitigate the risks to business and the economy?

    Our insights can help you navigate the uncertainty.

    Request report

    © 2021 MinterEllison