The inaugural Canon Business Readiness Index on Information Security is a comprehensive study that examines the digital readiness of Australian businesses with specific reference to the new data breach notification laws coming into effect on 22 February 2018.

The study, conducted by GfK Australia in January 2018, reveals some worrying trends.

The current level of concern of many businesses is too low, particularly for small businesses with 15% saying they are not at all concerned about a security breach occurring. With cyber crime growing in sophistication and volume day by day, this is a perception that is out of sync with the reality of the risk landscape.

Many business just aren’t prepared enough when it comes to their information security, particularly small businesses. Only 40% of all businesses have 6 or more of the Australian Signals Directorate Essential 8 (ASD8) strategies in place and this decreases to 27% for small businesses. Of particular concern, 12% of small businesses have absolutely no ASD8 strategies in place, which not only leaves their business open to attack, but also has serious implications for their customers, suppliers and partners.

Many Australian businesses need to increase their understanding of information security and put better protection measures in place. Failure to do so could risk compromising their confidential data, expose them to hefty fines and lead to significant reputational damage. So, how will your business measure up?
Report highlights
  • icon-business-partners

    Businesses are concerned – but is it enough?

    38% of Australian businesses are ‘extremely’ to ‘very concerned’ that they could suffer from a security breach within the next 12 months. Small business appear less concerned with only 21% extremely/very concerned and alarmingly 15% not concerned at all.

  • Error notification email icon

    Businesses not aware of new mandatory reporting laws

    Less than half of the businesses (41%) affected are aware of the upcoming changes to the Privacy Act that will make it mandatory to report certain data security breaches. Only 1 in 5 small businesses said they were aware of the changes.

  • security icon

    Australian businesses not fully protected

    Only 40% of Australian businesses have implemented six or more of the Australian Signals Directorate Essential 8 (ASD8) strategies to mitigate cyber security incidents and just 18% reported implementing all 8. Worryingly, 12% of small businesses implemented none.

  • icon-troubleshooting

    More assessments needed

    A risk and management assessment should be the starting point for any security journey, but only 56% of Australian businesses have done so. Businesses recently assessed are more likely to be concerned about their security because they have a better understanding of their risks.

  • icon-manage-products

    Technology seen as the weakest link

    Small businesses see technology as the biggest vulnerability in their information security, but larger organisations have a more balanced understanding of the risks across their people, processes and technology.

  • icon-printers

    Print security falling behind

    While 84% of businesses are aware of printing related security threats, only 4 in 10 businesses have their printers secured. Small businesses are less aware of printer security issues with 31% not aware of risks vs. 5% of larger businesses.

  • You'll never feel more protected icon

    Policies and training lacking

    Only 56% of Australian businesses have a documented internal IT security/cyber security policy for employees, with only 55% investing in security training. Small businesses are even less likely to have these protection strategies in place.

  • Icon-Error-Code

    Most common breaches

    The most common security incidences in last 12 months were viruses, spam, malware/spyware, phishing and ransomware. On average it took 24.7 days to detect a data breach.

Call us to see how we can help with your business: 1300 620 856