Thales Cloud Protection & Licensing (CPL) division recently released the results of its Global Data Protection survey which looked into data protection standards across the world, and found that half of Australian and New Zealand businesses failed a compliance audit in the last 12 months.
Meanwhile, 77% of surveyed firms didn’t know where all their data was stored, and only 25% could fully classify their data.
ANZ director Brian Grant noted that insurance and financial services is one of the biggest sectors Thales deals with, and while Australia and New Zealand have similar data protection controls in place, there is clearly a lot that still needs to be done by individual companies to get their controls up to scratch.
“Globally, more organisations are being mandated to become more compliant with security regulations, and New Zealand is no different,” Grant said.
“New Zealand has some specific legislation which mandates that companies need to do things in a certain way in terms of their security controls, and these standards are often common between countries.”
“The Australia and New Zealand governments have similar controls, especially for the insurance industry,” he explained.
“The problem has been not so much with them, but with the fact that they’re actually not working. There are still too many breaches and too many successful cyberattacks. We’ve got to do better, and we’ve got to encourage organisations away from just ‘ticking boxes’ to actually thinking strategically around how they can make themselves more secure and manage their risk more effectively.”
Grant noted that insurers in particular handle large amounts of sensitive information and data, and if these trends continue, the industry runs the risk of losing trust with the general public - something which could have dire consequences for both sides of the table.
“Insurers use their own measuring processes to evaluate risk for their clients, and they can bring a lot of intelligence and insights,” Grant said.
“If we don’t do something about securing that intelligence, we could get into a situation where insurance organisations may become untrusted from a security perspective. That would be very bad for everybody.”
“It would be bad for the insurers, because they won’t be able to get the information they need to provide insurance to people, or they may find that people stop taking out insurance altogether,” he said.
“That is not an outcome anyone wants. What I’d like to see is a recognition within the leadership of insurance companies that they are responsible for data and risk aversion, and they can then start looking at making that a part of their systematic risk management.”