"In a scary majority of cases, companies have been breached, but they just don't realise it yet....."
So true @$bill!
I've written about "Mandatory Breach Disclosure Laws" and criticisms of them in the past quite a bit so it'll be no secret to many who I am. The current position means that in many/most cases, companies that do a better job at their own security will/may be most negatively impacted by them. Sounds weird? Not really. If you are doing a good job with your security, you're in a better position to detect a "breach". So in theory, you have to disclose. Companies, who don't care as much about security, have no idea they have been compromised - so they of course, have nothing to disclose. So the better companies in regards to security practices actually end up with reputational damage as a result - penalised for being good or better at what they do while the others don't. Stupid really!
We lobbied the government at the time to include some form of base level mandatory guidelines and practices in regards to what companies should and must be doing in regards to security to level the playing field but it fell on death ears at the time.
Eg; APRA is a toothless tiger in regards to the banking sector. Sure, they have some basic level practices that essentially do nothing more than "recommend" but enforcement is another issue altogether. Compare that to what banking regulators like the MAS in Singapore, and their counterparts in HK, Tokyo etc do and we are literally 20 years behind the game in Australia. They take security seriously over there and companies breaching the regulatory guidelines know the severe consequences the regulators will take. Their security spends are multiples on what is spent here on security.
It is hopefully only a matter of time before the Australian government and various industry regulators (you hope) start to take it as seriously as other countries do and then watch how the security industry explodes. (But then, I have been preaching this for 20 years - thus my cynicism when I read things the government announces (like the China stuff- again!) which really is just words from my previous experience).
But it will happen. It has to. Like $bill said, right now, so many companies are already breached and owned and don't even know about it. I could write a book on the horror stories no one has ever heard of.
The security industry in Australia is in itself almost still a start-up (even after all these years of the Internet). When things start to get serious with how we, (the government and companies) start to deal with it properly, then watch the growth in our sector.
TNT is in a great position now but the sky is the limit if/when that ever happens. We wouldn't be counting cents growth in share prices, we'd be talking dollars. Just my 2c again.
TNT Price at posting:
20.0¢ Sentiment: Buy Disclosure: Held
