The technology sector continues to innovate at a rapid pace. However, a lack of effective cyber security is calling into question the reliability of technology companies, their leadership and the new technologies they create, and it results in security breaches that end up in the news headlines.
There currently isn’t much legislation that forces technology businesses to do better, unless they operate in a regulated industry such as financial services, healthcare, transport (for example maritime) or some other form of critical infrastructure.
For all the others, it really depends on their appetite for risk and the need to provide boards and/or customers with assurance that they’re suitably protected. The industry standard that is often relied upon is ISO/IEC 27001, as it explains how to implement a flexible information security program that includes, for example, asset management, risk management, program evaluation and incident management.
Most importantly, don’t forget about the Australian Privacy Act if you handle personal information (of customers and/or employees). A structured information security program will help demonstrate that you’ve taken reasonable steps to protect sensitive personal information, including customer identity information and financial transactions, which both represent sensitive personal information as defined in the Act.