Cyber Attacks: Why we blame the business and not the attackers


Rather than businesses being perceived as a ‘victim’ of cyber attacks, growing public perception is that they are ‘failures’ who did not have adequate cyber security measures in place.

THE TRUE COST OF CYBER-ATTACKS

While the cyber attacker maintains anonymity, a business’s good name and reputation is irreparably harmed as the public loses trust. This can then lead to a downturn in revenue and, in some circumstances, can cause a once successful business to completely fail.

In something of an Australian first, ASIC recently commenced proceedings against a company that was the victim of a cyber-attack. ASIC alleges, in particular, that the company failed to implement appropriate policies and systems to prevent cyber attacks.

This, as much as anything, demonstrates the increasing pressure on businesses to ensure that they are not bystanders when it comes to cyber-security.

WHAT CAN YOU DO?

From January 2021 to June 2021, 30% of all data breaches notified to the Office of the Australian Information Commissioner (OAIC) were attributable to human error.

It is vital that businesses have sufficient measures in place to mitigate the risk of employees inadvertently exposing an organisation to both an attack and the flow-on effects from a data breach.

Strategies might include:

  • Data Breach Response Plan: This is a planning tool that identifies and explains the procedure your organisation will follow when responding to a data breach.
  • Cyber Security Policy: This explains the procedures your organisation will follow when handling sensitive information and how to use the technology that keeps it secure, outlines security measures (including password requirements and identifying spam/scam emails), and outlines how employees can prepare for a cyber-attack.
  • Appointing a Privacy Officer: This will be a senior staff member that other employees can approach regarding any cyber security issues. The Privacy Officer should have a clear role description and list of responsibilities.
  • Updating all Policies: All company policies and procedures should be regularly reviewed and updated to ensure they account for cyber security protection measures, including the Employee Code of Conduct, Social Media Policy, Anti-Discrimination and Harassment Policy, etc.

MANDATORY NOTIFICATION IN NSW?

On 7 May 2021, the NSW Government released a draft Privacy and Personal Information Protection Amendment Bill 2021. If this is passed, it will make NSW the first state to implement mandatory notification of data breaches.

The intention is to create new standards of accountability and transparency in organisations in relation to their protection of personal information. Whilst this would only apply to an APP entity (an agency or organisation which must comply with obligations under the Privacy Act 1988 (Cth)), such a move again places the onus on businesses to protect themselves from cyber attackers and completely ignores the accountability of anonymous cyber attackers.

Evidently both public perception and political decision making appear to be moving to place all responsibility on businesses to have sufficient cyber security measures in place.

For these reasons, it is also imperative that businesses ensure all computers, phones and other electronic devices are protected with adequate security technology such as the Red Piranha Crystal Eye product.

If you wish to discuss any cyber security issues in relation to your business, please contact PBL Law Group.

Last Updated on March 30, 2025
Authored By
Raea Khan

Director Lawyer, PBL Law Group
