There’s a cyber breach every 1.8 seconds. Are you next?

By Rob McKie - September 6, 2018

Did you know that, on average, there is a cybersecurity breach in Australia every 1.8 seconds?[1] Whether malicious in nature or accidental, the most common cyberthreats result from weaknesses in and between an organisation’s systems.

A robust cybersecurity program acknowledges the interdependencies between systems and includes governance, management and assurance policies and processes that continually evolve to meet the changing environment and business needs.

Below is a step-by-step guide to assessing the state of your cybersecurity.


Step 1: Prepare

The first step to protecting your organisation is understanding your exposure. To do so, it’s helpful to undertake an audit and gap analysis of your systems and processes and how they relate to cybersecurity. This process should address risks related to people, processes, technology and information.

With this information you can determine the appropriate response, which can broadly be categorised as follows:

Avoid: This is a process by which you assess your areas of vulnerability and minimise or cease your activity in these specific areas.

Mitigate: This is a proactive process by which you assess your areas of vulnerability and modify your organisation’s policies and processes to limit risk in specific areas.

Transfer: This approach seeks to ‘transfer’ the risk to third parties, typically external suppliers such as insurers, data management and security providers, making them accountable for managing your risks.

Accept: Alternatively, you may deem certain risks acceptable to your organisation, in which case no action is required. This is typically the case when the financial cost of mitigation exceeds the potential financial impact of the risk itself.


Step 2: Respond

While it’s common for organisations to invest resources in systems and processes, many neglect to plan and prepare for an incident in the event cybersecurity systems fail.

A robust incident response plan should include the following steps:

Identification: Determine what has occurred and act to contain the incident, particularly in relation to preventing harm to people.

Investigation: Examine the factor(s) causing the incident and understand your obligations to disclose the event to affected parties as the incident unfolds.

Action: Take the appropriate steps to prevent reoccurrence and communicate with affected stakeholders.

Recovery: This involves returning to usual operation with improved risk procedures and actively managing reputational damage (if any) to restore confidence in your organisation.


Step 3: Follow-up

A post-incident review is critical to evaluating and managing the short- and long-term impact on an organisation. It allows for a more thorough review and understanding of the situation, the response, and the impact on reputation and revenue, enabling organisations to develop processes to manage and mitigate future risks.

The findings should be documented and reported to the relevant stakeholders, including learnings and remediation steps.



With growth in the number of connected devices and systems, both personal and professional, the number of entry points for cybercrime has exponentially increased.

As a manager, not only are you responsible for tangible business assets, but also for the value of your brand, the safety and wellbeing of your personnel and of course the security of your valued clients’ private information.

For peace of mind that your business is protected from cyberthreats, contact Pitcher Partners for a confidential discussion.




[1] According to ABS data, there were 2,238,299 actively trading businesses in Australia in 2016-17. Stay Smart Online figures claim 59% of Australian businesses experience a cyberbreach monthly.
