According to one recent study, the average cost of a single data breach worldwide hit approximately $3.62 million in 2017. While this roughly represents a 10% decrease from the previous year, it's still the type of cost that most businesses cannot afford to contend with.
In an effort to help Australian companies that have been victim to a cyber attack come up with a counter strategy, legislators have passed a new cybersecurity law that outlines how to respond in terms of communicating the data breach to the public. Unfortunately, this new law also comes with incredibly strict consequences (and harrowing implications) that need to be considered moving forward.
Australia's New Data Laws: What You Need to Know
Australia's new data laws, which take effect February 22 2018, requires companies with a turnover in excess of $3 million to alert customers of any unauthorised access to their data in the wake of a breach. Essentially, this means that if your company is hit with a data breach, you need to inform your customers as quickly as possible.
Failure to do so doesn't just put your SME in violation of privacy laws and a tainted reputation, it also comes with a hefty fine of $360,000 for individuals and a massive $1.8 million for organisations.
To their credit, the Australian government has also outlined a series of best practices to help companies stay on top of this situation — at least in theory. They have encouraged companies to develop a data breach response plan, complete with a dedicated team that handles these incidents as they occur and escalating to proper authorities when appropriate.
This team will be responsible for identifying and containing the breach, evaluating the level of risk the organisation has been exposed to, notifying the authorities, the public, and more. They will also be tasked to determine whether or not a breach is serious in the first place, as under the new laws, not all network intrusions need to be reported.
However, critics say that this new law will make many organisations even more attractive to cyber criminals than they already are. Consider the fact that in 2016 alone, there was an average of about 4,000 ransomware attacks every day worldwide. During the same year, the average ransomware demand from hackers was roughly $1,077.
Now, consider what might happen when these new laws go into effect. If a hacker knows that you will be charged over a million dollars if they're able to successfully compromise your system and you don't properly notify the public and the authorities, why would the average demand remain so low? What would you rather pay — a demand for $50,000 or a fine of $1.6 million? Both you and the people who want to do you harm already know the answer to that question.
These are just a few of the reasons why Australia's new data breach legislation will make cybersecurity even more important than it already is. We're quickly approaching a stage where a reactive approach to cyber crime just won't do especially when you consider the number of fines that may be involved. This is also why partnering with a company like a managed services provider is so essential. If you don't have the infrastructure necessary to stay ahead of these hackers, you need to find someone who does and you need to do it sooner rather than later.
Powernet: Your Partner in Cybersecurity
At Powernet, we understand how Australia's new data breach legislation is about to impact your business — which is why we want to help you make sure that you're prepared for this new legislation to take place come February 2018 and for many more changes set to take place beyond.
If you'd like to find out more information about the importance of this new cybersecurity law, or if you have any additional questions that you'd like to see answered, please don't delay — contact Powernet today.