But while cyber-attacks get national publicity when they happen to these mega-organisations, SMEs are not immune.
The bad publicity that comes from being the victim of a cyber-attack can damage a business's reputation. Conversely, businesses that keep in-house and client data secure have an advantage over their competitors that pays off in the long-term.
In fact, many savvy companies are learning how to turn the necessity of cyber security compliance into a true competitive edge when attracting new clients. Here are a few examples.
Marketing companies
A marketing company recently acquired a new overseas client thanks to cyber security measures they had already put in place for a previous client.
The marketing company would be taking client data into their own IT systems, which meant their cyber security had to be as stringent as the European client’s.
Because they had all their ducks in a row after the first European client, they could successfully attract the second.
What’s important is that the marketing company didn’t try to wing it. They took compliance seriously and went through a rigorous process to get where they needed to be.
Migration agents
Migration agents work in a sector that relies on strict data protection. In this case, contract requirements around protection of passports and identities were paramount for the agent's client, an IT company bringing in temporary staff from overseas.
This particular case highlighted the need for compliance with broad cyber security measures, including:
• Notifiable Data Breaches Scheme.
• Security Management Plan.
• Security tests on a regular scheduled basis.
• Process for reporting security incidents.
• Monthly security reporting.
• Security Management Plan.
• Security tests on a regular scheduled basis.
• Process for reporting security incidents.
• Monthly security reporting.
These don't just apply to migration agents either. The Notifiable Data Breaches Scheme for example requires any organisation that comes under the Privacy Act to file a report “when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach”.
Having these as part of any company’s operational processes is an advantage when it comes to attracting new clients.
Government contractors
A business that has appropriate cyber security measures in place can use this as a credential when applying for government tenders. Governments deal with people’s most personal details, from health to taxation.
Strict cyber security measures mean that a company with those credentials in place is already ahead when it comes to making a tender application.
This is especially true with the Department of Defence. If a company is manufacturing components for the military, cyber security needs to be tight around email communications and data transfers that could contain blueprints or tactical detail.
Lengthy agreements round cyber security typically form a substantial part of these tender contracts.
Legal and financial services
The legal profession deals with extremely sensitive documents, from business contracts to documents forming a criminal prosecution or defence case. Cyber security credentials must be gold standard in any exchange between a client and their legal counsel.
Financial services providers are in a similar situation. With quarterly security checks part of the accreditation process, it makes sense to get a jump on competitors by implementing sound cyber security practices.
Once these are in place for one customer, the organisation can replicate the process more quickly when it comes across future clients with similar requirements.
Cyber security is rapidly becoming a service that SMEs offer – one of the operational processes, like good accounting or personnel management.
Because of this, it needs to be handled in consultation with an IT consultant - it’s no longer good enough to tick the boxes and hope for the best.
By getting their cyber security credentials in order, organisations not only protect themselves. They find another way to differentiate their services and get an edge on competitors.
