The Australian government last month announced that mandatory data breach notification laws will be brought in by the end of the year, meaning that an organisation must notify its customers of any data breach that results in customer information being compromised.
If it isn’t already, this announcement should make cyber security risk one of the most critical issues for company boards and risk committees in 2015 and beyond.
Last year, 104 companies voluntarily reported data breaches to the Office of the Australian Information Commissioner (OAIC) [1]. Given that 71% of US businesses suffered a data breach in 2014 (up 9%), and 22% were hit at least six times [2], this number is set to explode in Australia with the new mandatory data breach notification laws, exposing organisations that are attacked to negative publicity and potential litigation, plus additional compliance and insurance costs.
You may have read in one of our recent blogs that US retail giant Target have spent around $160m on legal fees and repairing and upgrading their systems after the breach that affected 70 million customers. In a recent earnings forecast they estimate that they have lost $1b in revenue since reporting the breach.
Protecting your organisation against data breaches just became a heck of a lot more serious.
With consumer trust invariably linked to sales, ensuring your customer data is securely protected and cyber-attacks are detected early, before they can compromise any vital systems, is critical.
To give you an idea of how often consumers may be notified of a company being attacked and their private details being exposed to hackers: seven out of ten US organisations were affected by a data breach last year, with companies issuing over 100 million data breach notices. Just to put this in perspective – that is almost half of the US adult population [3].
And it wasn’t just big banks and retailers issuing these notices. It was phone companies, health providers, all types of insurers, social networks, government departments, coffee franchises, small business… no one was spared.
But it has taken Australia a while to catch up with the rest of the world. Currently, there is no such law requiring Australian companies to notify customers that their data has been compromised.
Mandatory notification has been standard in many European and Asian countries for some time, and in the US, all but three of the fifty states have had some form of legislation on data breach notification for over a decade. To bring all 50 states into line, President Obama recently approved a uniform data breach notification law that covers the entire country.
As we all (should) know, it’s a matter of when, not if, your organisation will be hit with a data breach. Detecting that breach and preventing nefarious parties from gaining access to private customer information is paramount. Cloud data protection software that handles encryption, deploys automated countermeasures, collects user behavioural analytics and provides real-time visibility into your applications is your best line of defence in preventing data breaches.
So, the $1 billion question is – can your company afford to be named and shamed in the event of a data breach? At a time when consumer trust and confidentiality are key brand differentiators, can your company withstand the hit to the bottom line when revenues fall as a result of a breach? Can you afford not to invest in an intelligent cloud data protection solution that will block cyber criminals who want to access your sensitive data, and allow you to conduct secure and compliant business in the cloud?
Only time will tell.
StratoKey's intelligent cloud data protection allows you to automatically block unauthorized access to your sensitive data, so you can do secure and compliant business in the cloud.
1. [OAIC: Over 100 data breaches voluntarily reported]
2. [SC Magazine, 71 percent of organizations successfully attacked]
3. [United States demographics]