Small and medium-size enterprises (SMEs) that do not adjust to rising expectations in industry and government risk being left behind.
According to The Office of the Australian Information Commissioner, between February and July 2018, Australians were the victim of no less than 300 major data breaches; highlighting the private information of Australians is being compromised on a daily basis.
The increasing volume of technology has enhanced the likelihood of cybercrime. As technology continues to evolve, so too does the sophistication of hackers. However, for many small-to-medium enterprises (SMEs) and their leaders, the perceived threat is unlikely, or worse, too big or too difficult to address. This has created a dangerous, high-risk environment for businesses that aren’t protected. CEO of information technology company Unisys, Peter Altabef says, ‘Nations need to treat cyber security in the same way they treat national security,’ and the story is no different for small to medium enterprises.
What was once a small responsibility of the IT department; the size, shape and scale of cyber security has grown well beyond a single department’s responsibility. With the potential to bring down an entire business with one small breach or attack, cyber security is now firmly in the CEO’s remit.
Recent research reveals cyber security is both an increasing area of concern and a territory of little action for CEOs across Australia and New Zealand. The findings highlight the reality of cyber security among SMEs and demonstrate the urgency for business leaders to learn to manage and protect data from external threats; however small that perceived threat may be.
For CEOs, the importance lies in understanding that cyber security isn’t a tech risk, it’s a business risk, and leaders must take the lead on protecting their businesses’ reputation, productivity and bottom line. Leaders that have proactively addressed cyber security are best placed to minimise the threat to their businesses; safeguarding their reputation, IP, people, productivity and business growth. Click To Tweet
By stepping back and prioritising the focus for the business and employees, leaders can develop a framework that works for them. Ensuring the right internal and external partners are in place and implementing thorough management and response plans to protect the business puts leaders on the front foot when it comes to cyber security.
Tony Barnes, Managing Director of Cyber Research Group recommends that there are two key questions CEOs must ask themselves, and the business, continually to enable them to manage this risk:
- Does the business treat cyber security as a material business risk and monitor it accordingly?
- When an incident happens (and it will) can the business detect, respond, control and recover from it, and does it have the resources in place to achieve this?
A five-step process helps leaders to do this, and also encourages cyber security to be a company-wide initiative:
SMEs need know, how to assess the business risk of a security event before it happens and how to develop a cybersecurity defence strategy that fits the business’s needs.