The number of security breaches impacting Australian organisations increased 18 per cent in 2018, according to new research published by Accenture and Ponemon Institute. The study shows Australian companies experienced an average of 65 security breaches in 2018, compared to an average of 53 in 2017.
Based on interviews with more than 2,600 security and Information Technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 “Cost of Cybercrime Study” found that the cost of cybercrime is increasing, with Australian companies spending US$6.9 million on cybersecurity related expenditure. This is a 26 per cent jump from 2018, higher than Germany at 18 per cent and lower than the UK at 31 per cent.
The research also shows individual incidents are becoming more expensive to companies, with the cost of ransomware attacks increasing by 40 per cent in Australia from 2017-2018, from US$56,500 to US$89,433.
Australian businesses were found to have the largest increase in cybercrime driven by people-based attacks, with a 33 per cent growth in cyberattacks from these methods. Phishing incidents rose by 13 per cent, attacks generated from stolen devices by 11 per cent and ransomware by 9 per cent.
Despite the increased threat and instances of these attacks, however, budgets for these people-based attacks have not been elevated accordingly, only seeing an incremental increase from 11 per cent to 14 per cent in 2018.
The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.
“Despite our remote location, Australia has not escaped the impact of some major global ransomware attacks in the last 12 months, with many businesses falling victim to NotPetya and WannaCry which had a considerable impact on cybersecurity expenditure,” said Joseph Failla, Accenture’s security lead in Australia and New Zealand.
According to Failla, as public and private companies across all industries becomes increasingly digitised, the threat landscape is increasing and leaving them more vulnerable.
“Australian businesses must understand where they can gain value in their cybersecurity efforts to improve their cyber resilience, minimising risk and even preventing future attacks. The continued lack of investment in artificial intelligence, machine learning and automated technologies is concerning, especially as they represent the most value.”
Despite an increase in cybercrime, the research reveals that most types of cyberattacks are taking less time to resolve, demonstrating that capabilities are improving. According to the research, malicious code attacks are now taking 20 per cent less time to resolve.
The deployment of automation, machine learning and artificial intelligence technologies remains low (35 per cent and 34 per cent in Australia respectively) – however these deliver the largest cost savings – up to US$2,670,000 – when fully deployed.
Other notable findings of the study include:
- Australian companies are spending the most on discovery (35 per cent) and the least on recovery activities (20 per cent)
- Information loss remains the most expensive consequence of a cybercrime in Australia (43 per cent) followed by business disruption (32 per cent).
- Globally, banks and utilities companies continue to have the largest cost of cybercrime by industry, globally (US$18.37 million and US$17.84 million respectively)
- Globally, the average cost of cybercrime for an organisation increases from US$1.4 million to US$13 million over five years.
- The economic value at risk due to cyberattacks over the next five years is US$5.2 trillion globally.