A group of about forty of our clients gathered with a cross section of Grant Thornton Advisers in our Kent Street Sydney offices.  We identified a balanced approach to ensuring an adequate level of cyber-resilience in mid sized organisations, without "shutting up the shop" in the process.   The digital transformation of our businesses must remain a priority, just with a risk and regulatory lens on too.

For regular readers of my postings there was further confirmation that technology is far too important to leave to the technologists alone.  It has firmly arrived in the rest of the C-Suites' intrays and savvy Boards'.  As this extract from this week's New York Times it is very much part of the defence arsenal as well.  Unfortunately as this Times article highlights it's not often done well and, as an NSA operative observes, it isn't nearly as glamorous as at first it might seem.

With mandatory data breach disclosure legislation in force it was acknowledged more than anything else that it was important to have a plan in place.  There is a certain inevitability of a notifiable data breach for many businesses. These provisions are in force from February 2018 in Australia, a little later in the same year in the EU and in force in many States across the US already.    I shared this useful checklist from my fellow technology partner Matt Green of what you need for your plan:


  • how to identify you have a problem
  • what are you going to do
  • who needs to manage your response
  • when and how you are going to respond
  • who you have to /are going to notify
  • report it www.acorn.gov.au

To this I would add in light of some recent work we have done on "Locking down the value of data" https://www.grantthornton.global/en/insights/cybersecurity/value-of-data-hub/. Ensure you have taken a view on the value of your data not just for your organisation but for others that may seek to profit from it.

We are spending more time than ever with our clients opening up access to data there is no benefit in locking down and spending a great deal more time putting in place  plans to protect that data where there is.