With the government and regulators increasingly focused on data and cyber security, companies will be expected to review their risk management frameworks and implement robust cyber policies and breach response plans with a view to mitigating loss.
Data is the new buzzword in Australia with businesses using it to develop, grow and target new markets. In an age where data is an increasingly valuable business asset, regulators and industry alike are becoming increasingly focused on how it is handled and stored.
Following recent changes to the privacy regime in 2014, the Australian Federal Government is now expected to go one step further and introduce a mandatory data notification regime in the coming months. Intended to strike a balance between the growing risk of data breach and the burden mandatory breach notifications will place on business and industry, the regime is expected to mandate notifications where there is a data breach that results in a risk of "serious harm" to individuals.
Recent statements made by Australia's corporate regulator (ASIC) that companies must promote cyber resilience as part of their risk management framework reflect an increased awareness in the Australian market that risk sits alongside opportunity for those businesses operating in cyber space.