The Accenture 2019 "Cost of cyber crime Study" just published by Accenture and the Ponemon Institute found that Australian organisations experienced an 18% increase in the number of security breaches in 2018 – an average of 65 security breaches per company in the year, compared to an average of 53 in 2017.
The study is based on interviews with more than 2600 security and IT professionals at 355 organisations worldwide, including Australia.
The research also shows individual incidents are becoming more expensive to companies, with the cost of ransomware attacks increasing by 40% in Australia from 2017-2018, from US$56,500 to US$89,433.
And according to the research, phishing incidents rose by 13%, attacks generated from stolen devices by 11% and ransomware by 9%.
But, despite the increased threat and instances of these attacks, budgets for the people-based attacks have not been elevated accordingly, only seeing an incremental increase from 11% to 14% in 2018.
The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyber attacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.
“Despite our remote location, Australia has not escaped the impact of some major global ransomware attacks in the last 12 months, with many businesses falling victim to NotPetya and WannaCry which had a considerable impact on cybersecurity expenditure,” said Joseph Failla, Accenture’s security lead in Australia and New Zealand.
“As public and private Australia, across all industries, becomes increasingly digitised, the threat landscape is increasing and leaving us more vulnerable,” Failla warned.
“Australian businesses must understand where they can gain value in their cybersecurity efforts to improve their cyber resilience, minimising risk and even preventing future attacks.
“The continued lack of investment in artificial intelligence, machine learning and automated technologies is concerning, especially as they represent the most value.”
Despite an increase in cyber crime, the research reveals that most types of cyber attacks are taking less time to resolve, “demonstrating that capabilities are improving”, says Accenture and Ponemon Institute.
According to the research, malicious code attacks are now taking 20% less time to resolve – and the deployment of automation, machine learning and artificial intelligence technologies remains low (35% and 34% in Australia respectively). However these deliver the largest cost savings — up to US$2,670,000 — when fully deployed.
Other key findings of the study include:
- Australian companies are spending the most on discovery (35%) and the least on recovery activities (20%)
- Information loss remains the most expensive consequence of a cyber crime in Australia (43%) followed by business disruption (32%).
- Globally, banks and utilities companies continue to have the largest cost of cyber crime by industry, globally (US$18.37 million and US$17.84 million respectively)
- Globally, the average cost of cyber crime for an organisation increases from US$1.4 million to US$13 million over five years.
- The economic value at risk due to cyber attacks over the next five years is US$5.2 trillion globally.
Along with its security report, Accenture has outlined three steps to “unlocking the value” in cyber security for Australian organisations:
1. Prioritise protecting people-based attacks:
Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders.
2. Invest to limit information loss and business disruption:
Already the most expensive consequence of cyber attacks, this is a growing concern with new privacy regulations such as GDPR and CCPA.
3. Target technologies that reduce rising costs:
Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.