Kiwi disclosure law could boost security, says Symantec

A new survey of small and medium sized businesses shows 58% of Australian and New Zealand companies suffered a data loss or breach that affected business performance.

The survey, by security company Symantec, found 69% of these organisations reported losses due to systems breakdown or hardware failure, 49% through onsite and natural disasters, 47% through human error, 45% through a lost or stolen laptop or other protable device and 39% through deliberate sabotage by an employee.

The survey received 1425 responses across 17 countries. One hundred responses came from Australia and New Zealand.

The ANZ loss rate is well above the global average of 41% and even further away from the US rate of 29% and Canada's loss rate of 27%.

Steve Martin, Symantec's SMB manager for the Pacific region, says that may be due to the lack of data breach disclosure laws in the region.

"The same sorts of breaches are happening here," he says, "but there is no requirement to publicly disclose them. It's easier to keep it quiet and out of the press."

He says one hundred staff at an Australian tertiary insitution recently had money removed from their accounts after a breach.

"That's just one of myriad," he says.

Data breach laws in the US make data security more "front-of-mind" for businesses, he says.

Martin says a business's profile isn't really an issue when it comes to security, as most attacks are aimed at stealing personal information for on-sale. All businesses hold some sort or personal information, whether of staff or of customers.

He also says Symantec isn't seeing espionage-type attacks in ANZ. Activity is mainly about obtaining such personal information.

Martin says SMBs are in the business of doing their business, but they need to appoint someone or find a partner to provide regular data security advice and to implement that.