Published on the 12/06/2013 | Written by Newsdesk

Every time an organisation endures a data breach it costs $2.72 million – 23 percent more than it did a year ago – suggesting that the Government’s proposed mandatory reporting regime is timely…
Symantec and the Ponemon Institute last week released their 2013 global data breach study, which found that, although human errors and system problems were responsible for most data breaches internationally, the greatest risk for Australian organisations was from malicious attacks. The cost of those attacks has also increased – from an average of $2.16 million in 2011 to $2.72 million in 2012.
Australian companies participating in the survey said that 43 percent of data breaches were caused by malicious attacks, compared to 36 percent a year ago. While these figures are interesting, it’s important to note that they have been generated from a very small Australian sample of just 21 companies operating in 10 different industry sectors.
Nevertheless, computer security remains firmly in the public eye. Earlier this month ABC’s Four Corners programme revealed concerted hacking attacks on ASIO and reported that the Reserve Bank has also been targeted.
It is against this backdrop that the Australian Government is planning to introduce legislation that will force organisations to come clean when their computer systems have been compromised and data privacy breached. The bill has passed the House of Representatives and is currently waiting to be debated in the Senate. However, with only a couple of sitting weeks left before the Parliament rises prior to the federal election, it is unclear whether legislation will emerge any time soon.
However, according to Brenton Smith, vice president and managing director for Symantec’s Pacific region, “With the cost and severity of data breaches in Australia increasing year on year, the introduction of a mandatory data breach notification law could not be more timely. Mandatory breach notification is an important milestone for the protection of data in this country. Mandatory breach notification ensures that in the unfortunate event of a data breach, consumers are provided with the information required for them to take the necessary remedial steps.”
Lawyers note, however, that the bill recommends mandatory notification only for “serious” data breaches, which could let many organisations off the hook.