Australian companies continue to underrate potentially serious and costly risks such as cyber breaches, according to Aon’s 12th annual Australasian Risk Survey.
Aon surveyed 380 businesses operating in 15 industry sectors and asked companies to rank their top key business risks.
Local economic conditions and regulatory change ranked in the top three for all companies however Jason Disborough, managing director global for Aon Risk Solutions Australia, said it worried him that companies continued to rank the threat of cyber risk at number 15 or lower.
“It was really surprising to see that some of the risks we would consider to be quite serious, rank so low,” Disborough said.
He suggested low ranking cyber breaches could indicate a lack of awareness of the potentially serious consequences.
He said that the recent experience of Target in the United States served as a powerful example of what can happen when the risk of cyber breaches is not adequately mitigated. In that case, nearly 40 million customer records were stolen, including sensitive debit and credit card details.
“And this is despite the fact that privacy laws in the US are far more advanced than they are in Australia. Our privacy laws have recently been strengthened, and it’s clear that we are moving towards a US-based model, but cyber risk remains a real concern.
“What worries me is the possibility that some companies may not see the link between cyber risk and brand damage, given that brand and image has for the last 12 years been consistently ranked in the top five risk concerns for Australasian organisations across all industries and sizes,” Disborough explained.
Social media risk also ranked very low.
“One explanation is that some may still be grappling to understand how to harness the power of social media as a form of communication. This is particularly true in the business-to-business sector, where the use of social media is still in its infancy,” Disborough said.
“Sometimes the risks and assets that form part of ‘business as usual operations’, such as critical and sensitive customer data, are the very ones that organisations tend to overlook,” he added.