Appraising a data breach.

29 November 2021 | Reading time: 2 minutes

There is a proliferation of ransomware attacks, with reports of a 200% increase in attacks against Australian organisations in recent months. On a global scale, the average cost of cybercrime continues to rise, according to the latest ‘Cost of a Data Breach Report 2021’ by IBM and the Ponemon Institute.

The cost of a data breach may be made up of:

  • legal, regulatory and technical activities;
  • loss of brand equity;
  • customer turnover;
  • drain on employee productivity; and
  • other non-economic loss.

Organisations should also consider the damage to reputational intangible capital as a further ramification of an average data breach.

It has been shown that cyber mismanagement may be a key contributor to significant monetary risks to corporations. Organisations are encouraged to mitigate risks of a data breach by addressing cybersecurity and implementing comprehensive data breach prevention strategies. These strategies should in turn be integrated into policies and statements tailored for consumers, employees and contracting parties of the organisation, for example:

| Document | Description |
| --- | --- |
| Privacy policies | a statement that explains how an organisation handles personal information. |
| Collection notices | a statement that is provided to individuals at or before the time an organisation collects personal information. |
| Data retention policy | a statement that outlines the type, location and duration of the data being stored and / or archived. |
| Data subject request policy | a written or verbal request by an individual for access, correction or removal of their personal information held by an organisation. |
| Privacy and data security agreement | an agreement that places obligations on a contracting party to implement appropriate privacy and data security. |
| Data breach response plan | a plan that outlines the course of action intended to reduce the risk of unauthorised data access and mitigate the damage caused if a breach does occur. |

If you need assistance to develop or update privacy and data policies and statements for your organisation, the Bespoke team is here to help.