The regulatory landscape is evolving rapidly to keep pace with an ever-present threat landscape, and compliance is never a tick-box exercise – it’s about optimising efficiencies whilst mitigating risk through the implementation of robust and repeatable controls.
Cyber security compliance management requires a company-wide approach to information security and IT risk management, underpinned by a fundamental shift towards a collaborative risk-awareness culture, designed to continually enhance cybersecurity maturity and support business initiatives.
Cyber Resilience Assessment
Unfortunately, most companies are breached because of a false sense of security, or misguided assurances from their IT Manager or IT Provider that the company is protected from cyber-risk because of its firewall or advanced software and hardware solutions. In reality, most threat actors will target your company’s weakest link – your people, processes and procedures.
The simplest and most cost-effective way to gain clear visibility over your company’s risk exposure is through an independent 360° “whole of business” gap analysis and risk assessment of your Information Security posture. Our Cyber Resilience Assessment (CRA) is not an IT Audit or Penetration Test – nor is it a “tick and flick” self-assessment. It’s a comprehensive deep dive into your organisation, designed to identify staff awareness, gaps in policies and procedures, cyber-risk, and areas of potential non-compliance relating to your information security posture.
The Payment Card Industry Data Security Standard (PCI DSS) is a global standard mandated by the leading Card Schemes. PCI DSS assists in protecting consumer credit card data by reducing the risk of data breaches and payment fraud. Preventing breaches isn’t just about good corporate citizenship – it’s the responsibility of every entity that accepts or handles credit cards.
Protecting this highly sensitive and valuable information must be integral to your data security strategy, as failure to introduce and maintain appropriate payment security standards could result in your company receiving significant fines and suffering serious brand and reputational damage.
No matter where your company is along its PCI DSS compliance journey, Cyber Audit Team (CAT) are here to assist with all aspects of information security and cybersecurity regulatory compliance requirements.
Notifiable Data Breach Scheme
With daily headlines and ubiquitous information relating to data breaches, it is not a question of if, but when, your business is going to be breached. Suffering a data breach will not always lead to a catastrophe; however, mishandling your company’s response most certainly will.
Changes to the Privacy Act 1998 (Cth) now include mandatory Notifiable Data Breach (NDB) legislation, which became law in Australia as of 22 February 2018. Companies no longer have the option of keeping quiet following a data breach, with potential penalties for non-compliance of $420,000 for each director and $2.1 million for businesses. The Act mandates that the data breach be investigated, with disclosure of the data breach to the regulator as soon as practicable, and to all affected persons within 30 days of discovery of the breach.
In April 2016, the European Union adopted the General Data Protection Regulation (GDPR), which became enforceable as of May 2018. GDPR is the most comprehensive piece of privacy legislation developed by any jurisdiction to date and goes beyond the requirements of Australia’s current privacy regulations, expanding the requirements for storing personal data, improving information governance and imposing more stringent sanctions on organisations that suffer a data security breach.
Non-compliance penalties are significant, with fines of up to €20 million (approximately AUD$30m), or 4% of global turnover (whichever is greater), plus other sanctions including the ability to halt trading in the EU.