The ASX 100 Cyber Health Check Report (Report) is an industry-led initiative that forms part of the Australian Government’s Cyber Security Strategy. The Report is the first attempt to gauge how the boards of Australia’s largest listed companies view and manage their exposure to cyber risk. The survey was well received, with 76 of the ASX 100 responding.

The Report demonstrates a high level of risk awareness at the top levels of corporate Australia, including that:

  • 68% of directors consider that cyber risks are extremely important;
  • 80% of companies expect an increase in cyber security risk over the next year or so; and
  • almost 40% of directors rate cyber risk in the highest category relative to other business risks.

The new Privacy Amendment (Notifiable Data Breaches) Act 2017, which was passed after the survey was conducted, will make it mandatory by February 2018 to notify affected individuals if there is a privacy breach of their personal information that is likely to result in serious harm (see G+T Insight dated 17 February 2017 for further details). This is clearly on directors’ radar, with 75% confirming they have considered how they would notify customers of such a breach.

All organisations are reminded of the need to develop, and continually assess, comprehensive cyber security plans (which also address the new notifiable data breaches legislation) to ensure they are in as robust a position as possible to identify, manage and defend themselves against a potential cyber attack.