Accountants in Sydney have witnessed firsthand the transformative impact of technology, the internet, and cloud-based software on our businesses and daily routines.
An unfortunate consequence of this advancing technology is the increase in cyber criminals and cyber-attacks.
The Australian Cyber Security Centre (ACSC), in its 2017 Threat Report, revealed that 47,000 major cyber security incidents occurred over the past financial year, a 15% increase from the previous year.
A cyber attack can become very expensive for businesses. The financial toll of a cyber attack should be a sufficient motivator to prioritise cyber security. A cyber security specialist estimated that 60% of businesses go out of business within 6 months of a significant cyber breach.
For example, a denial of service attack could cost a business an average of up to $180,000 to recover from. The average time to recover from a cyber attack was 3 weeks, but some smaller businesses can take a lot longer to recover.
We implore you to talk to your IT specialist to protect your business from a cyber-attack. Engage them to audit your IT system, including your online security, password protection, server protection, remote access, website, etc.
Do you need to consult a cyber security specialist to review your systems and help put a solid cyber security framework in place?
We also suggest you talk to your insurance broker. Does your business interruption insurance cover cyber-attacks? Do you have business interruption insurance? Do you need cyber security insurance as well?
In addition to the significant inconvenience and expense of a cyber-attack, some businesses are now required to report a data security breach.
Under new Notifiable Data Breach legislation (part of Privacy Act amendments) applicable from February 2018, some businesses must report a data security breach to the Privacy Commissioner as soon as they become aware.
This new legislation applies to organisations governed by the Privacy Act:
- Most organisations with an annual turnover of more than $3 million
- Businesses with a turnover of less than $3 million, which:
  - handle personal information of customers, e.g. credit reporting information, tax file numbers or health records (includes medical practitioners, chemists, gyms, lawyers, accountants, financial planners etc.)
  - sell or purchase personal information
- any related businesses
There are significant penalties for businesses that fail to comply, including:
- public apologies
- compensation payments of up to:
  - $360,000 for individuals
  - $1,800,000 for organisations
If you have any queries, don’t hesitate to contact your client manager.
Kreston Stanley Williamson Team
*Correct as of October 2018
Disclaimer – Kreston Stanley Williamson has produced this article to serve its clients and associates. The information contained in the article is of general comment only and is not intended to be advice on any particular matter. Before acting on any areas in this article, you must seek advice about your circumstances. Liability is limited by a scheme approved under professional standards legislation.