Lyndall Spooner, founder and CEO of Australian strategic research and consulting agency Fifth Dimension and a leading authority on brand trust, is calling on industry and government to urgently require that internationally recognised information security standards, such as ISO27001, be implemented across their supplier chain in order to protect Australians from the dangers of data breaches.
Government and industry, specifically ASX listed businesses, must urgently introduce a requirement that all agencies and contractors engaged to provide services that involve accessing customer/consumer data hold ISO27001 or SOC2 accreditation (the international standards for information security) or prove that they undertake equivalent practices.
“Most Australians would be horrified to know that some government and corporate entities, including ASX listed companies, engage agencies and contractors to undertake work involving customer information without requiring them to hold ISO27001,” Spooner said.
“According to VPN provider Surfshark, in Q4 2022 Australia was the most frequently hacked nation in the world. Australia recorded 7,387 user accounts hacked per 100,000, while second on the list Russia recorded 2,568 per 100,000. Since 2004 there have been 132.4 million accounts breached in Australia.
“Additionally, according to Gartner, in 2022 there was a significant rise in cyberattacks originating from third party services.”
“Congratulations Australia, the no worries attitude towards the data security of third-party agencies has made us an easy target for hackers.”
“Government departments and corporates need to specify ISO27001 or equivalent in their RFPs/contracts and seriously question why they would work with a company that does not comply.”
“A company that has gone through the process of gaining ISO27001 is a company that can be trusted to be doing everything possible to ensure they minimise the chances of a data breach.”
“They are demonstrating that data security is part of their culture and not something they simply mention in a pitch process.”
“Even if a business says they have robust data security and information security practices, have they taken the additional step of being audited by an independent body to test the strength of these practices? This is an important question that needs to be asked of service providers.”
“Achieving ISO27001 took our firm over 12 months of intensive reviews to ensure every part of our organisation and our systems met the world class standard and we started from a high baseline.”
“We must lift our standards in Australia; there are no excuses for complacency and Australians will no longer accept weak data security. The theft of personal data can devastate people’s lives and cause irreparable brand damage. The protocols are there; government and corporates must enforce them.”
What is ISO27001?
ISO27001 is the international standard for information security that sets requirements for an Information Security Management System (ISMS). The standard outlines a framework of policies, procedures and controls that help companies manage information.
ISO27001 covers three main areas:
How to set up your ISMS to significantly reduce the risk of a data breach by managing information security risks, that is, identifying and mitigating potential vulnerabilities in your ISMS
What to do in the event of a data breach or a ransomware demand
What governance and management structures are in place to oversee data security practices and to hold people to account
“I am sure there are many companies that do not have ISO27001 that have strong data security practices in place. I encourage them to pursue ISO27001 certification as it shows a clear commitment to ensuring data security,” Spooner added.
“Unfortunately there are companies that do not have strong data security that might be using cheap data collection systems that store data on servers outside Australia, send sensitive data over email and have no secure testing environments.
“They probably think they are too small a company to have to worry about being hacked or that it may be too expensive to implement best practice security protection measures. Well, this thinking is flawed because no client wants their customer data to be compromised due to sheer negligence. The cost of being responsible for a data breach far outweighs the cost of implementation.
“I urge organisations to ask your agencies that collect or handle any personally identifiable information on your behalf for the documentation of their ISMS and how it complies with the international data security standards.
“Regardless of what industry we all work in, many of us are involved in accessing and working with customer data. Data should be our greatest asset, but right now data security is one of our greatest weaknesses.
“We can minimise and even stop data breaches if we all embrace international standards. Governments and ASX listed businesses should not be engaging providers that do not hold the highest level of certification. To do so is stupid and, quite frankly, negligent.”
Fifth Dimension’s Globally Recognised Trust Model
Fifth Dimension’s groundbreaking trust model centres on the premise that trust in brands has its foundations laid in two traits – the capability of the brand to do what it promises and the character of the brand to operate in an honest and ethical manner. Fail on both trust traits and brands risk losing a customer they have let down for life and weakening brand growth due to the legacy of a proven poor reputation.
About Fifth Dimension Consulting
Fifth Dimension has been recognised for its groundbreaking work receiving multiple awards including: three prestigious 2021 FORSTA AIR (Achievement in Insight and Research) Awards including Judges Choice, a 2021 Confirmit ACE (Achievement in Customer Excellence) Award in the Innovation category, and a 2020 Confirmit AIR Insight and Research Award.
In addition, Fifth Dimension was included in the highly respected 2020 GreenBook Research Industry Trends (GRIT) Top 25 Strategic Consultancies, as one of the world’s most innovative companies to make the list.
Since its launch in 2006, Fifth Dimension’s four pillars of expertise (strategy, experience, research and technology) have continued to evolve new capabilities to embrace uncertainty and drive the development of market leading approaches.