Just in case you missed it in February, if you have personal information in your computer systems, you are now required by law to notify those individuals affected by a data breach.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect on 22 February this year.
You must not only advise the affected individuals of the potential serious harm they face, but also give them recommendations about the steps they should take in response to the breach.
To bring greater reality to your thinking, ransomware damage costs exceeded $5 billion in 2017, up $325 million from 2015, with the probability of attacks on healthcare organisations expected to quadruple by 2020.
When organisations are forced to pay ransomware amounts of $1 million (the largest known payment for ransomware), it is not hard to imagine why the total cost of cybercrime is now expected to hit US$6 TRILLION by 2021.
To add to that, the current furore over Cambridge Analytica, the political data firm used by President Trump in the 2016 US election, and how it gained access to more than 50 million Facebook users for political campaigns, highlights the message even further.
This message to CEOs, CFOs, CIOs, Risk Managers and Boards is now clear - you are kidding yourself if you think it’s a question of “if” an attack will happen, and not “when” it will happen.
You need to now look carefully at your Risk register and your Incident Response and Business Continuity Plans to ensure you are prepared for a reputational hit.
The growth of the internet and social media has meant that the good reputation you have built can be destroyed in minutes, compounded by the perception you have created with your stakeholders as to how well you have managed your response to an incident.
Perception is now the reality to reputation. Whilst your Brand says what you say you do, perception is what the public think of what you do, and reputation is how the public rate what you do.
To get an insight into perception and the five steps you need to take in managing it before, during and after an incident, contact RMA today.