Cybersecurity was a key issue for 2018 as companies and governments continued to navigate how to best protect personal information. What do the top 5 cybersecurity trends mean for Australian businesses in 2019?

Businesses operating globally now need to comply with an increasingly complex web of mandatory data breach notification regimes.

Companies should make sure that they know their service providers well, monitor and update security measures, and establish and enforce robust contractual protections.

Australian regulators are likely to follow their counterparts abroad and increasingly bring enforcement action for data breaches.

Minimise the risk of these attacks by ensuring that files are regularly backed up, employees are trained to recognise these attacks, and that systems are regularly tested for vulnerabilities.

There is a disconnect between consumer expectations and actual practice in handling data leaving companies open to significant reputational damage and regulatory scrutiny.


Law firms Allens recommends a five step process for a fit-for-purpose data strategy:

  1. An agreed set of data management principles is crucial. Successful data strategy relies on agreed principles deployed consistently at all levels of the organisation, from CEOs making decisions on third party data sharing to sales assistants entering customer details into databases.
  1. Develop a comprehensive map of data use cases at your organisation and ensure these uses are made clear to customers in a simple and engaging manner. It should be immediately obvious to your customers what they are signing up for – how their data is collected, how it is used, when it might be shared with third parties, how it might be commercialised, how it is protected and when it will be retired.
  1. Empower your organisation to communicate value to consumers. Meaningful communication of the value transaction taking place when data is shared is an essential counterweight for transparency. Consumers need to know how their data will be used, but also what they’ll get in return. Forty‑one per cent of Australian consumers are comfortable allowing a trusted brand to transfer their information to third parties if there are clear benefits to doing so.
  1. Banish ‘set and forget’ – regularly updating your organisation’s policy and practices is important, but frequently forgotten According to Allens’ recent research, almost half of ASX 200 privacy policies have not been updated in the past two years. In fact, approximately 20 per cent of ASX 200 companies have not updated their privacy policies since 2014, when the most recent overhaul of privacy legislation took place. Four per cent don’t have a publicly available privacy policy at all.
  1. Data strategy is worthless without best practice cybersecurity. As organisations continually find new and more innovative ways of working with data, cyber criminals are finding more sophisticated ways to access it. Put simply, there’s no point investing in data if it’s not secure. Your data will be worthless if it is already accessible in the market. More importantly, the erosion of trust with your customer base in the event of a breach could be fatal.

Read the full Allens report here.