Snapshot

  • As the importance of data strategies increases, it is critical to adopt a best-practice approach.
  • To be well positioned to seize future economic opportunities, organisations must proactively minimise the risks of data breach and other events that can impact digital assets.

Reliance on data for informed decision making and competitive advantage has never been so important. Yet research suggests a significant gap exists between the perceived value of data and the steps companies are taking to manage and protect it. Aon’s own research highlights this issue, with companies measuring the value of data and digital assets as 115 times higher than physical assets.[1]

“We have consensus that these digital assets are hugely important,” says Adam Peckman, Head of Risk Consulting and Cyber Solutions for Aon in Asia Pacific (APAC). “However, our research shows that companies have insurance in place for 60% of physical assets compared with only 17% for digital and data assets.[2] This represents a significant gap between the levels of investment to capture the upside potential that these digital assets can unlock and the levels of capital allocation to protect against the financial downside associated with the loss of these assets.”

As the importance of data strategies increases, it is critical for organisations to adopt a best-practice approach that minimises the risk of data breaches and other events impacting digital assets, so that they are best positioned to seize future economic opportunities.

Know Your Data: Visibility and Value

Jonathan Rubinsztein, Chief Executive Officer at Nuix, is seeing clients under increasing regulatory and public pressure to track, categorise and manage the data they hold. His goal is to help businesses realise the greatest commercial value from their data, while reducing risks. “We are seeing unstructured data growing at a rate of 30 to 40% annually,” says Jonathan. “All that data needs to be governed, protected and leveraged. If you understand the data you have, and know how to interrogate it, you can identify where there is value and where there is risk – in your own operations and in your supply chain.”

Shane Jansz, Head of Customer Solutions at Nuix, also emphasises the importance of conducting a thorough data discovery process to identify and manage critical personally identifiable information. “This includes knowing how much data you hold on devices and file servers,” he says. “Are you holding data you don’t need to hold on to? Do you know how old it is?” Adopting this Know Your Data approach is the first step towards assessing data risks and developing a strategy to reduce risk exposure.

“The greatest danger is in not knowing your data – what’s in it, particularly the opaque unstructured data, where it lies, and the risks involved if it’s compromised.”

Shane Jansz, Head of Customer Solutions, Nuix

Balance Security, Access, and Business Needs

Documenting and understanding the risks associated with processing and storing data extends beyond an organisation’s databases and file servers. “Your data is only as secure as the most careless employee,” says Shane. “Investment in the most advanced firewalls and cybersecurity measures isn’t going to prevent a data breach from human error. One example is the 800,000 credit card records that one employee had stored on their laptop in a Dropbox folder.”

Examples like this highlight the importance of regular and comprehensive training programs to ensure employees know the data storage protocols to follow and the risks involved in taking shortcuts. At the same time, Shane acknowledges that businesses need to strike a balance between tight security for sensitive data and easy access to data to support decision-making and innovation. “If you can classify data on the basis of what is most critical to your operations and your stakeholders, this can inform a data strategy which applies the appropriate security,” he says.

“If you don’t do the work to understand your data the criminals will – they understand the value your data has for them.”

Michael Parrant, Cyber Practice Leader, Australia, Aon

Avoid a Two Speed Approach: The AI Paradox

One area where innovation can introduce significant risk exposure is the rapid adoption of Artificial Intelligence (AI). As Adam points out, organisations need to ensure innovation in AI is not running too far ahead of data and risk governance. “When we speak to Aon clients about using AI, 79% report some level of adoption in the digital frontier of their organisation,” he says. “When we speak to teams managing risk and security there is much lower engagement. The majority are either somewhat ready or not ready to manage risks of adopting AI technology.”[3]

“The regulatory change to require more risk-based governance is still developing,” he adds. “So far we have seen 12 in-force regulations specifically addressing AI around the world, with 155 regulations that now exist with adjacency to AI in areas like privacy and consumer protection.”[4]

For Jonathan Rubinsztein, it is this globally evolving and converging regulatory landscape across AI, Data Privacy and Cyber that best illustrates the ‘eye of the storm’ that can consume large enterprises that have yet to invest in cohesive data transparency, governance and risk- or value-based protection approaches.

Confidently Navigate Regulatory Change: Compliance Begins at Board Level

New regulations around data and privacy are coming into effect in countries throughout APAC. In Australia, for example, Privacy Act reforms bring a number of changes that will require companies to ensure compliance or face enforcement by the Office of the Australian Information Commissioner (OAIC).[5] “Organisations are required by law to take reasonable steps to protect information security, and the recent reforms make clear that those steps need to include both organisational and technical measures,” says Andrew Miers, partner in HWL Ebsworth’s national insurance group practising in the area of privacy and cyber incident response. “There are also now lower thresholds for civil penalties, with fines applicable for less serious infringements. The regulator therefore now has more tools available and has signalled a more enforcement-focussed approach. This ups the stakes for companies, and boards can’t afford to sit on their hands.”

Simon Petie is Managing Director at Escalate Consulting and advises boards and senior leaders on data breach response. He stresses that leadership must be proactive in aligning security and privacy measures with evolving regulations and must ensure their data governance meets compliance requirements. “Regulation is driving greater accountability for data risks in the board room,” he says. “As a result, boards can no longer treat this only as an operational issue – it’s a strategic priority.”

Prepare for Crisis: Beyond Business as Usual

As an expert in crisis management and business continuity, Simon was at the coalface during the CrowdStrike incident in July 2024. “It was a reminder of the third-party risks businesses must account for when considering their exposure to data risk,” he says. “Some of the organisations impacted didn’t even know CrowdStrike was a critical supplier. It also highlights the fact that an IT disaster recovery plan is not the same as a business continuity plan. A lot of businesses needed to implement workarounds for critical business functions. If you lose a function based on loss of data, you need a plan to keep those operations going.”

Adam agrees that businesses need to treat data breaches as a business viability risk. “You need to be prepared with both technical and non-technical plans to maintain resilience, with internal and external response teams that are properly resourced and rehearsed,” he says. “The first 10 days of a crisis can impact up to 70% of shareholder value. Having your insurance claims protocols and experts standing by to support for data forensics and negotiations with bad actors are all part of an effective response plan that limits financial losses incurred, both immediately and over the long term.”[6]

To mitigate their exposure to data risks, organisations must prioritise data visibility, governance, and preparedness. As regulations and technologies continue to evolve, businesses that act now to strengthen data protocols, strategy and breach response can reduce risks to their operations and reputation and enhance business resilience.

[1] Aon, 2024 Intangible Versus Tangible Risks Comparison Report (Asia Pacific data from the Global edition), May 2024

[2] Aon, 2024 Intangible Versus Tangible Risks Comparison Report (Asia Pacific data from the Global edition), May 2024

[3] Aon, 2024 Intangible Versus Tangible Risks Comparison Report (Asia Pacific data from the Global edition), May 2024

[4] IAPP, Global AI Law and Policy Tracker, Updated February 2024. Coverage includes 24 jurisdictions

[5] Office of the Australian Information Commissioner, OAIC welcomes first step in privacy reforms, September 2024

[6] Aon, Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan, September 2023
