Cyber security readiness falls despite increase in threats
Cyber attacks on customer and employee records in Australia and New Zealand have increased by an incredible 70% and 54%, respectively, in the past two years. Despite this risk, research shows top management has been focusing less on the issue.
Though organisations are still just as likely as ever to face serious cyber threats, new research from business advisory firm BDO shows that the C-suit focus on cyber security in Australia and New Zealand has decreased since 2021.
“Today, we cannot see a cyber attack as a possibility, rather expect to be attacked and have a plan and infrastructure in place to protect yourself. The reputational risk far outweighs any ransom that may be paid, with many large organisations still recovering from attacks years after,” said Leon Fouche, National Cyber Security Leader at BDO.
The increase in employee and customer records being compromised increased dramatically from 2021 to 2022. In addition to that, the percentage of cyber attacks that caused damage to brand or business reputation increased from 6% in 2021 to around 9% in 2022.
“Our data from this year’s report paints a different picture. Despite multiple cyber attacks on high profile companies in 2022, which resulted in widespread data breaches affecting millions of Australians and New Zealanders, we see a decline in senior leadership’s emphasis on cyber governance,” Fouche said.
Proactive action from top management through governance and oversight of digital systems and processes is essential to ensure companies are prepared for inevitable breaches. When asked what contributed to a lack of readiness, more respondents pointed towards a need for “clearer responsibility at senior management levels for cyber security” when compared with the previous year.
Among the reasons why organisations have not been properly addressing cyber security is a lack of available budget and too many other priorities. These are two barriers that were also cited more than in the previous year’s survey.
The past year and half has been a whirlwind of instability and uncertainty for companies around the world. Rising inflation and geopolitical concerns have worsened what has already been a difficult post-Covid-19 adjustment. Though it is understandable how these factors pushed cyber security to the side in favour of more immediately pressing concerns, organisations will need to quickly pick up where they left off to protect themselves.
Fouche continued: “The next 12 months will present formidable challenges in the digital world. We have traditional threats, like ransomware attacks, that will likely persist as evidenced by the last seven years of survey data, accompanied by an increase in crypto-mining malware and phishing. But on top of that, we have cyber criminals learning to automate their attacks using AI and machine learning, which will make attacks more complex, targeted, and harder to defend against.”