Today marks the beginning of strict data breach legislation in Australia but a recent survey has found only half of Australian businesses have a risk management strategy to deal with cybersecurity

Fewer than half of the businesses (41%) affected by the Notifiable Data Breach (NDB) are aware of the upcoming changes to the Privacy Act that will make it mandatory to report certain data security breaches.

And yet, 38% of Australian businesses are ‘extremely’ to ‘very concerned’ that they could suffer from a security breach within the next 12 months, according to new research from GfK.

”A risk and management assessment should be the starting point for any security journey, but only 56% of Australian businesses have done so. Businesses recently assessed are more likely to be concerned about their security because they have a better understanding of their risks,” said the report.

Did you know? The most common security incidences in last 12 months were viruses, spam, malware/spyware, phishing and ransomware. On average it took 24.7 days to detect a data breach.

Only 40% of Australian businesses have implemented six or more of the Australian Signals Directorate Essential 8 (ASD8) strategies to mitigate cybersecurity incidents and just 18% reported implementing all 8. Worryingly, 12% of small businesses implemented none.