In March 2016 the Australian Cyber Security Centre
(ACSC) released its 2015 cyber security survey of
major Australian businesses. This follows a similar report in
2013 and shows the state of cyber security across 149 Australian
businesses and government departments from 12 industry
sectors. A copy of the report can be accessed here:
2015 Cyber Security Survey: Major Australian Businesses.
The report covered a range of industries, many of which contract
services to government, and asked a range of questions in relation
to organisations' preparedness for cyber attacks and the
various strategies that they have in place to deal with such
The results are illuminating in the context of the government's
draft legislation for mandatory reporting of data breaches.
One of the key findings was that industry is yet to be convinced of
the benefit of reporting incidents and many businesses fail to
report cyber security incidents on the basis there is no perceived
benefit in doing so. 43% of respondents failed to report
incidents on that basis.
In terms of prevention and structural steps to reduce risk, it is
clear that organisations have in place a range of structures, as set
out in the Report. The most common is an information security
policy, which over 90% of respondents had in place. This was
followed by a business continuity/disaster plan, a change
management policy and procedures, a backup or archiving policy, and
a user access and identity policy. It is apparent that there
is broad use of external IT security standards, at approximately
82%. This shows that businesses are preparing for cyber
incidents. Respondents identified awareness training for staff as
a key issue.
The most prevalent type of attack identified, at 72%, was
ransomware. A ransomware incident involves
extortion through the use of malware which locks a computer's
content and requires a ransom to be paid to regain
access. The threat report identifies that ransomware
campaigns will continue to be prominent. Organisations
identified that one of their biggest risks was the trusted
insider. This represented the highest concern for 60% of
respondents, followed closely at 55% by motivated groups or
It is clear that these issues are not likely to abate in the
near future and that organisations need to continue to allocate
resources to prevention and management of incidents. Privacy
and data protection policies and training can assist in this area
and we are well placed to assist businesses including in responses
to data breaches and reputation management.
This publication does not deal with every important topic or
change in law and is not intended to be relied upon as a substitute
for legal or other advice that may be relevant to the reader's
specific circumstances. If you have found this publication of
interest and would like to know more or wish to obtain legal advice
relevant to your circumstances please contact one of the named