
CISOs in Australia Urged to Take a Closer Look at Data Breach Risks
2024-05-24 13:00

Steenkamp said he has observed that many Australian organisations are yet to assume the "paradigm shifting" view of risk around data estates that is necessary for future data governance, and that local CISOs could soon be caught in the regulatory crosshairs as a new global wave of regulatory action breaks on local shores.

He recommends organisations get on top of data estates using measures like better classifying data records, asking whether data needs to be retained and minimising data through data disposal.

While he said there is awareness in Australia around the nation's Privacy Principles, a lower volume of regulatory action means organisations have not yet "felt the pain" in the form of fines or penalties - like CISOs or board members being held accountable - so the risks of data are not fully accounted for.

If organisations are not addressing the broader risk aspects of their data holdings and putting in place data governance and security controls to minimise and mitigate the risk, Steenkamp said what the UnitedHealth hack shows is that the "viability of the organisation is potentially harmed."

Steenkamp recommended leveraging diagnostics and technologies to help identify where data holdings are and then to go about minimising that data, particularly where it is sensitive data such as health data or personally identifiable information.

While it can be tempting to avoid this by asking if it is really a legal issue or a board issue, Steenkamp said if data is exposed, the first question a board will ask is why they were not informed or given necessary insight into the risks around data.


News URL

https://www.techrepublic.com/article/data-breach-risk-australia/