December 8, 2016
Technology and change is prevalent across all areas, right through from the supply chain to the customer. Computers are no longer isolated assets; complex cloud based systems allow all areas of an organisation to be truly digital.
Although this can have many benefits, an increased digital presence, combined with the expansion of mobile technology, is exposing businesses to risks; particularly where there has been the rapid introduction of new technologies to keep pace with competitors. As a result, businesses can often lack awareness of the true extent of their digital footprint and cyber-crime is unfortunately on the increase.
Whilst organisations are often aware of the cyber security and privacy threat, a recent survey (Global State of Information Security 2016) found that NZ businesses’ investment in cyber security measures are lagging behind that of comparable economies. Only 17% of NZ digital businesses currently have an internet security policy in place compared to 39% of Australian businesses. Similarly, just 20.5% of NZ businesses surveyed have aligned cyber security spending with business revenue, compared to an overwhelming 63% of global businesses.
There is a further risk that NZ industries may be losing out to global competitors due to a lack of investment in digital security. The EU, South Korea, Hong Kong and Singapore have all introduced comprehensive new data protection regulations. By comparison, NZ has a lack of mandatory reporting obligations for data breaches, which means our businesses may be unprepared to operate in global markets. Although security measures and policies are not currently compulsory here, companies looking to expand cannot afford to neglect the issue.
As every organisation uses digital technology andthe internet to different degrees, context is key and a personalised approach specific to the business needs to be taken.
However it is of paramount importance that thought is given to implementing IT security strategies; as a security failure could result in catastrophic damage to the business on a reputational level and severely damage customer relationships.
In the event of a data breach, the business is no longer seen as a victim, but as someone who has not taken sufficient care over data provided to them.
It is therefore recommended that:
- cyber security measures are built into new digital initiatives as they are being developed,
- businesses increase their investment into more advanced tools for detection of potential cyber attacks, and
- policies are put in place to respond swiftly to any security breach, as reassurance to all stakeholders and to avoid reputational damage.
In-house IT teams may no longer have the expertise to keep up with the ever changing cyber-threat – outsourced expertise may need to be sought to provide a more cost effective and efficient solution.