Fullstack Logo

Cybersecurity Lessons To Learn from a Data Breach

Many Australians, especially those whose data has been compromised, are very concerned about the Optus data breach. As cyberattacks become more sophisticated, how can businesses avoid a similar fate? Here are some lessons on cybersecurity.

For businesses, the breach serves as a timely reminder of the value of knowing what customer data is held, how it is secured, how your systems operate and the process to identify gaps and deficiencies, the proper actions to be taken if and when a breach occurs, and the impact on your relationship with your customers. This is a problem that affects the entire business and cannot be purely delegated to IT.

The responsibilities of business

Everybody is aware that no system is totally secure. This is not the first time for Optus. For violating the Privacy Act in 2015, Optus agreed to an enforceable undertaking in 2015.

A data breach occurs when personal data is accessed, disclosed, or lost without authorization. When a data breach involving personal information is likely to cause serious harm, you must notify the affected individuals and the Office of the Australian Information Commissioner if the Privacy Act of 1988 applies to your company. The notification must be made as soon as practically possible, but no later than 30 days is typical. Each day matters.

A company is required to take all practical measures to uphold its obligations and avoid data breaches. These obligations go beyond shielding against online threats. 55% of all reported data breaches are the result of malicious or illegal attacks. However, 41% and 4%, respectively, are caused by human error and system flaws. 43% of human errors involved sending personal information to the incorrect recipient via email, and 21% involved the unintentional release or publication of personal data.

How to express apology

Trust is a key component of your client relationship. The client relationship is the other issue, in addition to the breach notification requirements.

So how exactly does a company apologize? University of Chicago economist John List, and other academics studied this issue for Uber ride sharing after John List, who was then Uber’s Chief Economist, had a negative ride sharing experience. The final word? For the apology to be effective, it must cost something. This cost may be in terms of reputation, a promise to perform better in the future (the higher standard), or money. The effectiveness of an apology and whether it could backfire depend on how it is delivered. Secondly, apologies are not a cure-all. Sometimes, a financial benefit can help – many companies provide a credit or discount to help provide for the inconvenience involved. Thirdly, there are times when sending an apology is worse than not sending one at all, particularly when it comes to repeated incidents without sufficient action taken.

Assisting in the prevention of data breaches

  • Recognize your Privacy Act duties. Advanced requirements are frequently necessary for specific businesses and industries that hold particular types of data.
  • Review the customer personal data that is kept. Is their complete date of birth essential to what your company does? Do those identification documents need to be kept after being validated if you need to confirm identity? Or is a “Yes” sufficient confirmation? Are the client’s data being stored securely, and who has permission to access it?
  • Ensuring multifactor authentication in systems
  • Increasing staff awareness of not only cyber threats and how to avoid them—phishing, fraudulent messages, etc —but also the management and access of personal data.
  • In order to avoid security holes or “backdoor” system access, it is important to understand your systems and how they interact.

Cybersecurity is one of the most pressing issues confronting business leaders today. Fullstack Advisory is proud to help businesses continue moving onward and upward, if you have questions, feel free to reach out to us here.

Was this article helpful?


Stuart Reynolds
is the founder of Fullstack Advisory, an award-winning accounting firm for businesses leading the future. He is a 3rd generation accountant who specialises in tech companies, crypto and entrepreneurs.

Share this Article

Find out more.

Need accounting

Request a consultation and speak to one of our business accountants & advisors. Get clear next steps for your project.

Connect with us

Ask Us a Question?

Reach out to us about any of the topics in this article.

Via online meetings, email or phone, we are keen to help you get to the next level.

When it suits, just pop a time on the calendar.


Speak to our experts

Other ways to get in touch with us.

Your Privacy


We will never share your details with any third-party.

This form collects your name contact number and email address so that we can contact with you and provide a quote for our services. Please check our Privacy policy to see how we protect and manage your submitted data.



Level 13, 333 George St Sydney NSW 2000



120 Spencer St Melbourne VIC 3000



310 Edward St Brisbane QLD 4000

structures set Restructures

Structures - Setup & Restructures

  • Company Setups
  • Trust Setups
  • Flip Ups
  • Australian Subsidiary Setups
  • Detailed Tax Advice
  • Cap Tables
  • Equity Consulting
Get a quote Tax Advisory Icon
govt grants Incentives

Government Grants & Incentives

  • R&D Tax Incentive
  • R&D Finance consulting
  • Forward Financing consulting
  • ESIC
  • Export Market Develop. Grant (EMDG)
  • State Grant Editorial Reviews
Chat with an Advisor> Tax Advisory Icon
finance Forecasting

Financial Forecasting, Xero & Fintech Support

  • Dashboards
  • VCFO Reporting
  • Management Reports
  • Advisory Board Meetings
  • Bookkeeping & System Reviews
  • App Implementations
  • Cashflow Forecast Workshops
Get a quote structure and setup
complex tax questions

Complex Tax Questions

a) Book a consultation with a Tax Advisor
b) If more detail > Written Tax Advice

We regularly cover:
  • Corporate Structuring
  • International Tax
  • Restructures
  • Business Sales
  • Tax Consolidation
  • ESOPs
  • GST & Duties
  • FBT
  • ESIC
  • Tax Residency
Chat with an Advisor > Tax Advisory Icon
capital raising support

Capital Raising Support

  • Financial Modelling
  • Cap Table Modelling
  • Share Issues
  • Share Splits
  • Share Buy Backs Pre Diligence
  • Startup Valuations
  • ESIC / ESVCLP advice
Chat with an Advisor > Tax Advisory Icon
Tax Advisory Icon

Corporate Secretarial & Advisory Board

  • Share Issues
  • Share Transfers
  • Director Updates
  • Nominee Directors
  • Registered ASIC Agent
  • Monthly or Quarterly Advisory Board
  • AGMs
Get a Quote Corporate Secretarial