Cybersecurity – An SME Risk Perspective

facebook Twitter LinkedIn RSS

Unless you are seriously tuned into the risk and compliance world you may not know that this week is the Australian Securities and Investment Commission (ASIC) annual forum, where industry types get together and shoot the breeze about such gems as “the need to regulate for real people by examining ideas like behavioural economics”.

Believe it or not behavioural economics and cybercrime have a pretty clear connection.   As more information is stored online the economics of nicking it become much more attractive to those engaging in organised crime and those seeking to steal commercially sensitive information.

Describing cybercrime as “the next black swan event”, the chairman of ASIC Greg Medcraft said “risk management systems must be granular enough to ensure a good level of resilience”.

“Cyber-resilience through risk management is vital,” he warned.

He went on to suggest that the tome “Framework for Improving Critical Infrastructure Cybersecurity” (a set of guidelines developed on the orders of the US President Barack Obama) might be worth a read for organisations of all types – even SMEs.

The “framework” released by the White House last month is not the easiest read, but it does note that organisations should adopt a risk-based approach to managing cybersecurity risk. It describes how this should be underpinned by “five concurrent and continuous functions – identify, protect, detect, respond recover”.

Given the increasing coverage given to cybersecurity we would argue that far from being a “black swan” event the possibility of cybercrime is something that should be considered within the risk frameworks of all Australian organisations.

Compliance with Current and Future Child Protection Laws – Embedding a Child Protection Culture. How can this be achieved?

Financial Services Updates

Financial Services Updates