Professional services companies need to be unimpeachable in their ability to take care of clients’ information; if the company’s firewall gets a reputation for being easy to crack, it could be disastrous for business.
New changes to the Privacy Act, introduced in late 2020, mean the effects of a cyber-attack can be much more serious. Under the new rules, it’s a criminal offence for businesses to fail to notify the Privacy Commissioner and customers of a data breach that causes “serious harm.”
That’s a major risk for professional services companies, whose systems handle huge amounts of sensitive data: personal details, trade secrets and confidential information. The only way to avoid the embarrassment of admitting to a data breach or facing criminal action is to stop data breaches before they reach that “serious harm” threshold. That can’t be achieved with a reactive mindset; if businesses wait until it happens, it will be too late.