Cyber head questions “under-reported” risks

Cyber head questions “under-reported” risks | Insurance Business Australia

The head of a specialist cyber security firm has questioned the accuracy of recent data published by the government, saying one of the most significant threats appears to be under-reported.

Ahmed Khanji, CEO of Gridware Cybersecurity, suggested figures collated by the Office of the Australian Information Commissioner (OAIC) may not truly represent the risk of insider threats.

The latest OAIC statistics found malicious attacks were responsible for 57% of notifiable data breaches (NDBs) while human error was responsible for 37%.

However, Khanji’s research pointed to insider threats as a more pressing risk.

“Contrary to what’s being reported to OAIC, we’ve found employees are the greatest threat,” he told Emergence Insurance’s latest webinar for brokers. “Consider who has access to your customer lists and email contacts.”

A global study conducted by Willis Towers Watson and ESI ThoughtLab earlier this year found that 87% of executives viewed untrained staff as the greatest cyber risk to their businesses.

Despite this, staff training was found to have made minimal progress when measured against the voluntary, US-developed cyber security framework of the National Institute of Standards & Technology.

“As humans, we keep finding new ways to make mistakes,” said Gerry Power, head of sales at specialist cyber insurer, Emergence. “But, with sound risk management in place, many breaches can be prevented.”

Power also reiterated the risks around poor employee training, and called for better education.

“Employees are the last line of defence, they must be educated to identify such things as dodgy emails and suspicious invoices,” he said.