Responding To Cyber Breaches | Immediate Action Steps

Once a cybersecurity compromise occurs, its critical for organisations to have a plan to respond to adverse events.

The response actions should understand whether your current systems are capable of triage to understand the root cause of the cyber events.

Incidents should then be categorised and prioritised, by taking immediate actions to safeguard existing assets and limit any further compromise.

Communication to stakeholders in a timely manner needs considered as a priority, in consultation with legal advisors and / or insurance brokers.

When it comes to responding to cyber risks, Matrium helps with implementing & managing the following key measures:

Ensure Incident Management plans to detect cybersecurity incidents are categorised and prioritised for response
Incident Analysis to help determine the root cause & magnitude of the incident
Assist with Communication for internal and external stakeholders as required by laws, regulations, or policies
Perform activities to prevent expansion of an event and its effects by focussing on Incident Mitigation

Responding to a Cyber Incident

HOW TO RESPOND TO A CYBER ATTACK

Following consultations with experts in Cybersecurity, Legal, and Insurance sectors, there are four critical steps that outline the response process.

Contain

Limit the further compromise of personal information

Assess

Understand the data breach impact and its potential harm

Notify

Individuals and /or the Commissioner (if required under NBD)

Review

The incident and how to prevent future breaches

Incident Notification and Reporting

WHEN TO REPORT A DATA BREACH

Should your company be subjected to a data breach, it needs to be reported to the Office of the Australian Information Commissioner (OAIC).

An eligible data breach occurs when the following criteria are met:

There is unauthorised access to or disclosure of personal information held by an organisation or agency (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
This is likely to result in serious harm to any of the individuals to whom the information relates.
The organisation or agency has been unable to prevent the likely risk of serious harm with remedial action.

Is my business subject to the NBD Scheme?

Once you have determined a eligible data breach has occurred, the next step is to clarify whether you are a reporting entity under the NDB Scheme.

If you are a APP Entity (Australian Privacy Principle), then you have an obligation protect the personal information you hold under the Privacy Act.

In most cases, a small business operator (SBO) with turnover less than $3m in any financial year since 2001 is exempt. Nevertheless, certain regulatory and legal criteria require the SBO to be included in the NBD Scheme. Some examples are:

Holds health information and provides a health service
Is related to an APP entity
Trades in personal information
Is a credit reporting body
Is an employee association registered under the Fair Work Act

If an SBO engages in specific activities, it is required to adhere to the APPs and consequently must also comply with the NDB scheme, but solely concerning personal information maintained by the entity for the purpose of, or related to, those activities.

Those activities include such things as providing services to the Commonwealth under a contract or reporting under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

For more information and a comprehensive list of the criteria, please visit the NDB Scheme home page