The Optus and Medibank data breaches illustrate the importance of Information Governance for ensuring businesses have the latest security standards, protocols and organisational discipline to effectively respond to the latest wave of international cyber-attacks.
The recent cyber-attacks on Optus and Medibank, which resulted in the unauthorised disclosure of the personal information of millions of Australian customers, are a timely reminder to all Australian organisations of their statutory obligations to prevent and report cyber security attacks.
These incidents have highlighted the need for robust governance over organisational data and information. These attacks have also demonstrated the requirement for organisations to invest significantly in cyber-attack prevention, detection, and response.
Information Governance provides a disciplined framework for organisations to establish the right people, processes, policies, and metrics to oversee enterprise information and add value to the business.
Technology and business process advances in recent years have led to an information explosion. Enterprise information is growing at an unprecedented rate – as are the opportunities to exploit this data.
Business information comes from multiple sources, such as business process applications and productivity suites, many of which contain “unstructured” content such as e-mails, documents, and social media. Companies that effectively leverage their information assets will drive business innovation and profitability. It is certainly no secret that managing information well is critical for business success.
It is not uncommon for human factors to either cause or amplify technical weaknesses, resulting in a data breach. About one-third of all personal data breaches reported in OAIC’s Notifiable Data Breaches Reports are attributed to human error as the primary factor.
Having clear processes and policies in place, supported by governance controls and by continuous measurement and reinforcement, will reduce the probability of a cyber incident, with organisational education being a major factor.
Information Governance initiatives provide trusted, secure, high-quality information to support business operations, growth, and innovation by addressing data ownership fragmentation. Many businesses take an ad hoc approach with poor documentation of policies and rules, a lack of consistent processes across the organisation, and an inability to monitor and meet compliance requirements.
One of the outcomes of these major data breaches is a potential increase in the penalties for organisations that fail to comply. Any move to increase penalties will likely be bipartisan, given that the former Government released an exposure draft of privacy law amendments to increase penalties applicable to serious and repeated privacy breaches.
Australia has awakened to the new world of international cybercrime. Those companies that invest in Information Governance will be best positioned to counteract threats to data and privacy, and to grow through improved efficiency and customer confidence in their secured services.
Many organisations are now undertaking actions to review their current IG strategy, with the view to improving their performance moving forward.
Contact Astral if you would like to discuss further.