Against the evolving landscape of Australia's privacy and data protection regime, we conducted our fourth annual cyber security survey to assess how Australian organisations are responding to cyber risk. More than 110 senior executives across legal, technology, finance and procurement participated in the survey.
2018 ushered in more stringent privacy and data protection laws along with harsher penalties. New incoming regulation including Australia's Notifiable Data Breach and consumer data right regimes, as well as the European Union's General Data Protection Regulation, which brought Australia closer in line with emerging international standards.
Numerous recent and high profile examples of data breaches, both in Australia and overseas, demonstrate that those organisations not designating cyber security as a top priority are exposing their business, customers and reputation to a clear, present and escalating danger.
Increased awareness and understanding of cyber risk does not always translate into action
Against this background, our latest survey results indicate that more should be done to address this danger. Respondents indicated that they are aware of the cyber threat, and year on year we have seen a significant increase in organisations' acknowledgement and understanding of the risk. However, this has not always translated into appropriate and considered action.
78% of respondent organisations said that they have a data breach response plan in place, but only 45% of survey respondents told us they regularly (at least annually) tested it.