AVOIDING THE CYBER DEFENCE DANGER ZONE

AS COMPANIES continue to rely heavily on the internet for storing crucial information and data, one cyber security expert warns that boards and legal teams need to up the ante with their online defence strategies.

Minter Ellison special council Leah Mooney (pictured) says with each new development in the way businesses conduct their operations online, a new risk presents itself.

"Just as the internet and other new technologies are opening up tremendous possibilities for conducting business in new ways, increasing opportunities are arising for criminals to commit new crimes," says Mooney.

Due to a recent spike in significant data breaches nationally and overseas, the issue is firmly in the spotlight for both cyber risk legal teams and government departments.

Last year the Australian Securities and Investments Commission (ASIC) introduced the concept of 'cyber resilience' through Report 429: Cyber Resilience Health Check, also contributing to an increased need for legal direction in the area.

"ASIC has provided a clear indication that cyber risk is a board-level issue," says Mooney.

"Further, the government has recently released for industry consultation a draft bill to require mandatory notification of serious personal information data breaches.

"These developments have led to an increase in Australian boards seeking advice on managing cyber security and privacy risks."

Mooney believes one of the biggest recurring issues is how companies and their lawyers manage data breaches, before and after they happen.

She advises teams to engage in more comprehensive planning to prevent and respond to incidents, in addition to considering the adoption of insurance schemes for further protection.

"There is no foolproof system for protecting clients from the threat of a cyber-attack. It is therefore imperative that organisations and their legal advisors consider the benefits of a specialist cyber risk insurance policy.

"Cyber resilience planning is also crucial. The key to successful project management is accessing the correct service providers and knowing who to call in the event your client is targeted in a cyber-attack."

At the end of last year, Mooney was the only Australian lawyer to be named one of the top 50 cyber security and data trailblazers by America's National Law Journal.

She works in Minter Ellison's cyber risk team which recently surveyed c-suite and senior executives involved with IT, legal and risk sectors to build a picture of online defence capabilities for Australian companies.

Results show that attacks are occurring on a regular basis across almost every industry and that, for many companies, online safety is considered a challenge across all facets of the enterprise.

To read the full report entitled Perspectives on Cyber Risk, click here.