Practices underprepared for cyber attacks

The Midwinter subsidiary Kamino conducted a survey of financial services practices and found only 32 per cent of respondents were aware of the introduction of mandatory data breach reporting requirements that came into effect in February 2018.

These reporting requirements necessitate that businesses report any eligible data breach to affected clients and the Office of the Australian Information Commissioner.

Additionally, 45 per cent of survey respondents reported they’d previously suffered a ‘cyber security incident’, which Kamino and Midwinter director Julian Plummer said was “highly concerning” given the lack of awareness around data breach requirements.

“These laws will have a huge impact on the businesses affected. This lack of awareness of the laws most likely translates to an overall lack of preparedness for the changes now in effect, which is worrying considering the ramifications of a cyber breach incident on a financial planning,” he said.

Mr Plummer said “most respondents appeared to have a very good understanding of what is at stake”, but that few have made adequate preparations to protect from a cyber attack.

“Customer information is of the utmost importance, and the survey revealed that business owners realise that their brand must be protected from being tarnished by cyber incidents, which could lead to direct revenue loss,” he said.

“However, this has not been reflected in the preparations and processes which should be set in place to protect advisers, accountants and superfunds from potential cyber attacks.”

Mr Plummer added that human error is one of the biggest weaknesses in a business’ cyber security, but only 28 per cent of respondents were confident in their staff’s cyber security hygiene.