This month we heard from Privacy Commissioner John Edwards that data breach notification is set to become mandatory in New Zealand. This is welcome news and a positive sign that the issue of data security is being elevated to its rightful place as a top priority for New Zealand businesses, who have long lagged behind the rest of the world in this area.
A higher standard of transparency will lift performance
Mandatory data breach notification means all businesses will be held to a high standard of transparency and will be publicly accountable for the robustness of their information security. News of the law change should give New Zealand businesses the impetus to improve their data security position, bringing us up to speed with our major trading partners. Not only will robust information security strategy and processes become a requirement of doing business, I believe they’ll also very quickly become a mark of quality and a competitive differentiator.
Information security is a business risk problem - not an IT problem
Too often, the message I hear from business leaders is that information security is an ‘IT problem’. This is simply not true; information security is a business risk issue that deserves to be front and centre of board level conversations. Intellectual property and customer information are highly valuable commodities - arguably more valuable than physical assets - and the appropriate time and resource ought to be devoted to their protection. When you consider what’s at stake, the prevention, detection and management of security threats is already central to good governance for any business - even without the risk of serious reputational damage caused by the mandatory disclosure of a breach.
The risks and the threats are real
In our current environment, it’s easy for businesses to avoid confronting the reality of cybercrime. With the veil of secrecy lifted, CEO’s will quickly become aware of just how prevalent attacks are. Complacency will be replaced by a sense of urgency, as businesses begin to play catch up.
The threat landscape is constantly evolving, so data security requires constant vigilance and improvement to prevent, detect, and manage threats and breaches. I expect to see an uplift in outsourcing activities as companies begin to understand the time and cost to do it well, and the risks involved in attempting to manage it without a specialist dedicated security operations centre.
With data breach notification legislation just around the corner, it’s become even more urgent than ever for New Zealand businesses to make sure they’re giving themselves the best possible chance against security threats.
Origin Security has the people, processes and technology to keep you safe and secure. Find out more here.