Australian government research shows cyber-crime is costing the Australian economy approximately $3.5 billion a year.

In fact, the government is considering whether to impose personal liability on corporate directors for the cyber-attacks on their organisations.

While cyber-risk has been a key issue for many years, research shows that corporate boards do not appropriately understand it—creating a much larger risk for the Australian economy.

Governments Get Tough on Cyber Criminals

Information governance and cyber security must become part of a company’s internal compliance program. Otherwise, boards will face much greater scrutiny, potential regulatory investigation and greater difficulty in taking out insurance—both cyber and D&O.

Operation Orcus was also recently established to combat ransomware attacks. Orcus is a new cross-agency taskforce led by the Australian Federal Police alongside the Australian Cyber Security Centre, the Australian Criminal Intelligence Commission and AUSTRAC. Orcus replicates a similar initiative in the US, led by the Department of Justice, which has been solidified through a rewards scheme.

A similar trend can be seen in New Zealand, with the OPC ending its “grace period” for agencies to adapt to the new Privacy Act. The new guidance includes a 72-hour notification period for loss or denial of access to personal information, along with potential prosecution for those committing a breach.

What Is Information Governance?

Information governance is the overall approach taken to manage information across an organisation, and evaluating the value of your data as well as the risk that it presents.

A new Information Governance Reference Model provides a framework for defining a unified information governance approach by showing the link between value and duty to informational assets. The IGRM diagram is a responsibility model. It helps data management teams identify the stakeholders and define their respective stake in information, and highlights stakeholder interdependence.

The IGRM shows that information governance is now an organisational responsibility, with various departments having different end goals for informational management. It also shows the importance of a companywide information governance framework (including central policies and procedures) for helping employees handle data, giving them access to the information they need, improving legal compliance, and reducing storage costs.

How to Improve Information Governance

With the implementation of the Notifiable Data Breaches scheme in Australia, it’s become even more imperative that businesses are prepared for cyber-attacks and establish a good internal information governance framework – especially identifying what is important, assessing your current state and then making a plan.

The legal risks associated with unmanaged information are significant. Data can be spread across multiple repositories, countries and formats and contain various kinds of personally identifiable information (PII).

However, as companies and their data volumes grow, scalable information governance has become more challenging. Luckily, technology can help.

An enterprise information governance SaaS solution, like Introspec, provides a single dashboard to identify, access, search and manage data across an entire ecosystem. Connectors utilise machine learning to govern data in email environments, network storage, cloud repositories and collaboration platforms – automatically identifying redundant or at-risk data (e.g., PII, trade secrets, etc.).

The use cases for a centralized platform include:

Reducing Cyber Threat Vector

Over 50% of a typical company’s data footprint is composed of redundant, obsolete and trivial data (ROT). Introspec will identify and remediate ROT, which has no commercial value but materially increases your company’s “attack surface.” Simply stated, less data means less risk.

Streamlining Data Privacy

Automatically detect PII/PHI across the company’s IT ecosystem. Streamline any potential cyber breach response workflows and automate FOI requests (e.g., DSARs) for any company with customers in Europe.

Protecting Trade Secrets

Identify trade secrets and confidential business information across your digital platforms to control its spread and ensure it’s maintained in a secure manner.

Partnering with information governance consultants gives you access to a team of experts who will alleviate your company’s Big Data pain points by mitigating the challenges associated with e-discovery, privacy and information security.