CROs to the fore as cyber risks grow
Chief risk officers will take centre stage as cyber threats are increasingly considered “key operational risks” rather than “information technology risks”, according to Aon.
Its Cyber Security Predictions report says while Australia is yet to see a large-scale data breach, social media has made companies aware of potential impacts such as reduced earnings, operational disruption and claims against directors and officers.
Consequently, directors are expected to take a more active role in cyber security this year, along with increased adoption of standalone cyber insurance.
Regulators are expected to enforce cyber-security rules more strictly and to increase compliance pressures by introducing new rules.
Mandatory data breach notification rules take effect on Thursday, and the Office of the Australian Information Commissioner has issued guidelines on how to prepare for privacy incidents with a cyber-incident response plan.
Aon says Australia has seen the same increase in criminal cyber attacks on SMEs as other countries, but this has not extended to industrial control systems used in the mining, resources and utilities sectors.
These systems are often protected because they are on separate, private networks, but they are being increasingly connected to IT networks without the same level of security as office and internet-facing systems.
Aon predicts Australian companies will increasingly adopt “bug bounty programs” – under which employees and contractors who identify weaknesses in systems are paid a reward – to protect themselves from criminals who target transactions.