The recent data breach involving the Qantas app, whereby some customers’ data (including names and even boarding passes) were displayed to other app users, raises an important point about cyber governance.

Technology risks shouldn’t be seen as separate from other business risks. Technology is integral to business, and managing technology risk should be integral to managing business risk.

Qantas issued a statement saying that there was, at this point, “no indication of a cyber security incident”. That is an important reassurance insofar as it meant that there was no reason to believe that there was an attacker or “threat agent” with the potential to inflict further damage from inside Qantas’ systems or even steal or encrypt crucial data. However, it is a mistake to think of cyber governance purely in terms of measures to keep out malicious outsiders.

Cyber threats can of course also arise internally, whether in the form of deliberate attacks from insiders, such as disgruntled employees, or accidentally through careless or negligent actions. Threats can also arise from environmental issues or careless system design without the active involvement of an attacker.

Does your commercial planning account for what would happen in the event of your server room flooding, for example? What about if there were to be a suburb‑wide power cut or internet outage? Is business cyber risk an afterthought, seen as a separate process? Is it something to be applied after an update or when a roll-out of a new system is completed? Or do you have cyber resilience built into your business culture at all levels?

Cyber security is of course a crucial part of cyber resilience, but it isn’t the only aspect, and it shouldn’t be thought of as separate. Cyber resilience is a key part of general risk management in a modern business environment. Managers and executives should strive to incorporate that thinking into all of their decision-making and work hard to ensure a workplace culture that reflects that commitment.

