Are you cyber ready?
Australian businesses grapple with cyber resilience in 2024
Herbert Smith Freehills Cyber Risk Survey
In a survey of over 160 in-house legal leaders, 80% of respondents told Herbert Smith Freehills that the cyber threat to their organisation has increased in the last 12 months, but the preparations required to meet the challenge are still in need of work.
58% of respondents believed it would take an actual cyber incident to meaningfully improve their organisation’s focus on data risk management.
“My concern is that those businesses, and those on the front line of cyber response, are fatigued” says Herbert Smith Freehills’ partner and APAC Cyber Security Head Cameron Whittfield.
“Operating with a constant and changing threat can create uncertain priorities, from the board to the management team and through to the frontline staff.
“We are continually hearing cyber ‘wake-up calls’ and that cyber is a business-critical consideration but managing investment decisions and assessing what ‘good’ looks like remains a significant challenge.
“Respondents to our survey told us they would like clear guidance on best practice, so that they can manage reputation risks, adequately protect their supply chains, and make sound investment decisions.
“In our experience, in-house legal teams are often front and centre when an incident occurs, and legal expertise is central to response. This is particularly so given the clear legal risks that may exist well after an incident has been triaged.
“We see the need to acknowledge many cyber risks can be mitigated through basic cyber hygiene and these mitigants involve technology or IT solutions.”
Survey respondents listed reputational risk as their top cyber risk concern ahead of third-party risk, underinvestment in systems or infrastructure, aged data stores, and lack of cyber expertise.
“The leaders we surveyed are very attuned to the reputational damage that can flow from a cyber incident, but not all of their businesses are investing in the right level of preparation to mitigate that risk” observes Herbert Smith Freehills’ partner and governance expert, Carolyn Pugsley.
“One of the survey findings that most surprised us was that 50% of boards had not participated in a cyber simulation. Managing reputation risk is a critical task for boards and navigating an incident response in a manner that helps protect reputation and re-establish trust is a difficult balancing act.
“While management will take the lead in responding to an incident, a well-prepared board will become a response enabler through sound, rapid judgement calls.”
Close to 60% of survey respondents shared that they are concerned about the risk of class action following a cyber-incident in their business, with consumer sector respondents highest.
“Cyber-incidents are followed by increasing material litigation risks that can be minimised with planning” shares Herbert Smith Freehills partner in contentious privacy and data disputes, Christine Wong.
“There is a trifecta of risk, where we see potential regulator investigations, flow to prosecutions, then class actions litigation – either consumer, shareholder, or both.
“With 83% of survey respondents that are “very concerned” about their data collection and retention practices also concerned about class action, the link between the source of liability and appropriate data collection and retention practices has been highlighted.
“Litigation risk can and should be planned for, making decisions ahead of a cyber incident on how privilege applies can not only remove risk but ensure effective response.
“We are increasingly working with corporates who are considering litigation tactics such as injunctions in their preparations, as another tool in their cyber response arsenal.”
Australian businesses grapple with cyber resilience in 2024
Herbert Smith Freehills Cyber Risk Survey
For further information on this news article, please contact:
Leading international law firm Herbert Smith Freehills has advised Africa50, the pan-African infrastructure investor and asset manager, on its strategic …
Herbert Smith Freehills and Paul Weiss Rifkind Wharton & Garrison have advised the Ardonagh Group (Ardonagh) on its agreement for investment by funds …
Leading international law firm Herbert Smith Freehills has advised Anergi, a diversified African power company that develops, owns, and operates power …
We’ll send you the latest insights and briefings tailored to your needs