*** Please be advised, this is not legal advice, and you should seek your own independent advice.
The Albanese government is raising the maximum penalty for breaches of privacy laws from $2.2 million to whichever is greater of $50 million, 3 times the value of any benefit obtained from the misuse of data or 30% of adjusted revenue in the relevant period.
The proposal to increase fines for serious data breaches was prompted by the recent Optus data breach and the Telstra and Medibank cyber-attacks that followed. This past year has seen the biggest cybercrime incidents in Australian history, particularly affecting large companies. It’s clear that businesses need to start taking cyber security seriously, and this fine is intended to be an incentive for them to ensure their customers’ data and sensitive information is adequately protected.
While the Agriculture Minister Murray Watt and Greens Senator David Shoebridge have expressed the need for a tiered system, small-to-medium-sized businesses (SMBs) will currently face the same penalty as large corporations. Being the victim of a cyber-attack would be difficult enough; add fines for a privacy breach on top and it could be devastating for any business.
Could your business afford to pay $50 million in the case of a data breach?
We thought not.
How To Avoid Fines for a Data Breach
Unfortunately, the chance of being a victim of a data breach is at an all-time high. According to the Annual Cyber Threat Report 2022, the ACSC received over 25,000 calls to the cyber security hotline and over 76,000 cybercrime reports – an increase of 13% from the previous financial year. As cyber criminals are constantly finding new ways to hack into your business’ systems, it’s no longer a matter of if you will be the target of a cyber-attack, but when.
So, if you were to suffer a data breach, the only way to avoid paying the fines would be to prove in a court of law that you have adopted government-recommended cyber security standards for your business. To mitigate damages and penalties, you must prove that you have taken all the necessary steps to prevent a security breach from occurring.
Is Your Business Aligned with Government Recommended Standards?
When it comes to improving your business’s cyber security, it can be difficult to know where to start. There’s a lot to consider, but complying with government-recommended standards is the simplest way to ensure your business is meeting the minimum IT security requirements for your industry. We have provided the top 3 things you can do to align your business with government-recommended standards.
Have You Undertaken an Audit?
When was the last time you did an IT security audit for your business?
As cyber criminals are always looking for ways to get in, it’s imperative that any holes in your current processes are located and patched before they become a problem. An IT security audit will thoroughly investigate your existing infrastructure to determine any potential cyber risks and provide solutions for strengthening your cyber security defences. This should be a regular undertaking for all businesses and form part of a continuous cycle of improving security measures.
If you’re wanting to get a clear understanding of the current state of your business’ cyber security posture, our experienced technicians can run a full IT security audit for you. Contact us today to learn more about our Cyber Security Services and arrange a time that is best suited to you.
Have You Implemented the Essential 8?
In order to help businesses, like yours, improve their cyber security posture, the Australian Cyber Security Centre (ACSC) released the Essential 8 mitigation strategies. These government recommended strategies are the best chance of protecting your business. Plus, should you face legal action following a breach, if you had implemented the Essential 8 it could help demonstrate that you did everything within your power to secure your data.
We know all the tech-jargon can be confusing, so we came up with a simplified version in our free eBook, Beginners Guide to the Essential 8. This guide is designed to get you started on improving your cyber security measures, so we also share some quick wins to help get you and your business on track.
Do You Have an Active Cyber Security Solution?
As each business is different, there sadly isn’t a one-size-fits-all cyber security solution. Nor is it a ‘set and forget’ task. A strong cyber security posture requires constant monitoring and adaptation. You must be actively aware of and improving your cyber security posture to protect your business and keep your customers’ data from getting into the wrong hands.
This is also a key means of defending your business to avoid data breach fines. If you can prove that you are actively working on improving your cyber security posture, it is evidence that you have taken consistent measures to avoid a security breach.
Protect & Defend Your Business.
The increase in fines may seem like a big leap, but the reality is that all businesses should be prioritising cyber security. All businesses, regardless of size, should be compliant with government-recommended cyber security standards.
Truly, the key factor for warranting data breach fines is negligence. Many businesses have not got the right cyber security measures in place and, with so much at risk, there isn’t an excuse for it anymore. As they say, the best defence is a good offence, and this comes down to being prepared. So, make sure you are aware of any weaknesses in your business systems, comply with the ACSC’s Essential 8 and adopt an active cyber security solution to not only protect your business from cyber threats, but prepare the best defence for the case of a data breach.