The economic impacts of cyber crime in Australia

Recent findings from a report issued by the Poneman Institute showed the average economic cost to Australian businesses of cybercrime to be $4.9 million in 2015, rising from $4.2 million in 2014.

The Institute’s 2015Cost of Cyber Crime Study, sponsored by HR Enterprise Security, examined the economic impacts on 28 Australian businesses with costs ranging from $792,932 up to a high of $18 million dollars.

Strategies need to be developed to combat the risk of cyber-attacks in Australia. The risk itself will only get worse as time goes by and cyber criminals become even more sophisticated. The damage a well-executed attack could have on your business is catastrophic.

At the AICD’s 2015 Company Directors Conference in Kuala Lumpur, international organisational resilience, business continuity and emergency and crisis management expert Nathaniel Forbes discussed in his presentation that the corporate world had entered “The age of digital warfare.”

He stated Directors needed to manage the risk of digital information being compromised from a board level, saying that breaking down business silos and protecting against cyber-attacks was a governance, not an IT, issue.

“Any security expert will tell you that the biggest cybersecurity risk is management complacency about the threat,” he said. “Getting management’s attention is a board responsibility. Determining what level of digital security is appropriate for information is not a technical decision, it is a governance decision.”

For digital security to be truly effective, policy and technology need to be integrated in layers, with different departments or divisions working together on digital security.

“If your company’s cyber risk strategy depends on responding after a breach by fixing the fault in the software or the network you’re doing it wrong,” Mr Forbes went on to say. “The IT department will never find all the flaws. The flaw is not in the software or the network, it’s in the people. Training and awareness are essential for every individual in the organisation, starting at the top.”

In an interview with Computer Weekly in February 2015, International global digital risks and investigations firm Stroz Friedberg reinforced the concept that cybersecurity was an issue that couldn’t be viewed in isolation.

“A risk-based approach will ensure that companies are more resilient, that they wil be able to respond quicker to threats that really matter and that networks are properly segmented,” said Seth Berman, Executive Managing Director at Stroz Friedberg.

By segmenting your network a business can ensure only authorised employees are able to access appropriate data assets.

“If attackers are restricted in their movement once they are inside the network, it gives businesses time to respond and limits the amounts of damage an attacker can do.”

Addressing the risks your business faces as the economy moves even further into the digital landscape takes planning and forethought. While the risks can never be completely mitigated, they can be reduced and the continuity of your business can be protected.

Business disruption, according to the Poneman Institute’s 2015 Cost of Cyber Crime Study, continues to be the highest external cost in Australia, followed by the costs associated with information loss. 

Business disruption alone accounted for 38 per cent of total external costs. The average time it took to resolve a cyber-attack increased from 23 days last year to 31 days in 2015, with an average cost of $419,542.

As the percentage of an organisations security budget focusing on cybersecurity continues to increase – averaging 20 per cent in 2015 up from 16 per cent in 2014 – organisations need to take the risk of an attacks even more seriously.

As the old saying goes “it takes a village,” and in relation to cybersecurity it takes a concerted effort from all departments to protect your future success.

Cybersecurity needs to become an issue driven across business units, and from the Board down, for a company to weather an attack with minimal economic damage. 

Mike Cullen has recently returned to Akolade after a period as the conference producer for one of Australia's leading economic think tanks. Mike began working in the conference industry in 2007 after looking for a career change from the high pressured world of inbound customer service. Mike has worked for some of the most well-known conference and media companies in the B2B space and in his spare time is working on his first novel in a planned Epic Fantasy trilogy.