CORPORATE CYBER SECURITY AND THE LAW: TRENDS TO LOOK OUT FOR IN 2020

Corporate Cyber Security Law Trends 2020

CYBERSECURITY AND DIRECTORS’ DUTIES

Company directors can no longer remain ignorant of cyber security, as it is a threat at the forefront for every business. Directors need to be proactive in their approach to cyber security by ensuring they have the knowledge and understanding of cyber security threats needed to establish and implement the practices that protect the organisation. Without effective practices, including oversight and accountability, an organisation’s cyber security governance systems, policies and procedures can be rendered meaningless, leaving the enterprise vulnerable to attack, and directors can no longer claim ignorance in response to any allegations and claims made against them.

THE IOT (INTERNET OF THINGS) CHALLENGE

Simply put, the internet of things means connecting everyday “dumb items” (e.g. heaters, lights, etc.) to a network connected to the internet, allowing the items to ‘talk’ to one another. As with any device or network connected to the internet, IoT devices are susceptible to being hacked. Beyond the data breach that can follow as a result of hacking, there is also the issue of unauthorised surveillance.

SHIFTING ATTACK VECTORS & CYBER HYGIENE GROWTH

An attack vector is the ‘path’ that hackers use to gain access to a device or network and penetrate the system. Attack vectors are not static, and their ongoing shift from networks to individual users requires organisations to be vigilant in the management of cyber security. This is driven in large part by many organisations recognising that their personnel (individual users) are often the weakest link.

  • an organisation failed to mitigate or remedy the damage of the breach; and
  • an organisation fails to notify affected individuals and regulators of the breach pursuant to the relevant legislation (i.e. as of 23 February 2018, any breach considered to be an ‘eligible data breach’ must be reported to the Office of the Australian Information Commissioner and any potentially affected individuals).
  • regulatory investigations and penalties; and
  • increase of insurance premiums.
