CANNINGS PURPLE WHITE PAPER
Chris Leitch is Cannings Purple's data breach communications lead, driving risk management projects and shaping strategies for clients that allow leaders to be prepared and agile in crisis and issues management.
He is available to lead or support projects around data breach preparedness, including development of communications plans, scenario planning, auditing and testing existing plans, helping to build a secure data culture and developing data breach simulations to test resilience.
We can help!
Cannings Purple is your partner to build and test data breach resilience. Start a conversation with our data breach lead Chris Leitch today.
Privacy under attack
Three of Australia’s biggest data breaches occurred in the last 12 months. Whether they were the result of malicious actions or negligence, the details of the people affected are potentially in the hands of cybercriminals, leaving them exposed to fraud and identity theft.
Cyber threats are evolving faster than any other risk management area, and business leaders must demonstrate they are taking these threats seriously.
Case study
Marsh/Microsoft State of Cyber Resilience Report
About two notifiable data breach reports are made each day in Australia on average, with around seven in 10 of those reports the result of malicious or criminal actions.
When information is stolen, goes missing or becomes visible to criminal elements, the reputational damage can be devastating, shattering the trust that staff, customers, investors and other stakeholders have in an organisation as a sound custodian.
Increased sophistication by attackers and the widespread availability of ransomware and malware tools have raised expectations for company disclosure, through such means as the Notifiable Data Breach scheme.
Data breaches among bigger companies, such as Optus, Medibank or Latitude Financial, have long tails, and investors make their influence felt by withdrawing funds or taking legal action.
The risks extend beyond the organisation itself, with supply chains increasingly a weak link in data protection risk management.
A supply chain attack, also known as a value-chain or third-party attack, occurs when information is compromised through an outside partner or provider with access to your systems and data.
Personal information is legitimately shared with third-party organisations and platforms for the purpose of doing business, such as an external agency that handles services or a software platform used for business purposes.
Although many businesses have effectively enacted internal cybersecurity protections, the Marsh State of Cyber Resilience Report 2022 found that just 43% have conducted risk assessments of their supply chain.
Despite best efforts, the reality is that almost all organisations will experience some form of privacy breach, cyberattack or other serious data breach, which can be harmful to people and damaging for an organisation’s financial position and reputation.
As regulations on managing sensitive data and third-party vendors continually evolve, compliance is becoming increasingly complex.
There is an increasing need for business leaders to develop cyber-resilience and a data safety culture within their organisations, as well as rapid response capabilities.
A well-rehearsed communications plan and a strategy to mitigate the impact of cyberattacks or data breaches can be the difference between saving an organisation’s reputation and destroying relationships with stakeholders.
The response in the first 72 hours can determine if the damage will become irreparable.
Preparation is critical to managing cyberattacks and data breaches, and no effective response was ever created in a time of crisis.
Organisations need to know what data is being protected and how it’s being protected, and where there are risks and vulnerabilities in accessing information.