SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australian firms breach no-payment policies due to cyberattacks
Wed, 31st Jan 2024

Research sponsored by Cohesity, a forerunner in AI-enabled data security and management, has revealed that cyberattacks are compelling numerous companies to pay exorbitant ransoms and contravene their existing no-payment strategies, with poor data recovery further escalating the issue. The study, which surveyed over 300 Australian IT and security decision-makers, illustrated that firms are adapting to an impending reality of cyber threats.

An overwhelming majority of companies confessed to having paid ransoms within the last two years, with a similar quantity predicting that the menace of cyber attacks will surge noticeably throughout 2024. More concerning still, around 72% of participants admitted that their organisation had succumbed to a ransomware attack between June and December, with 99% expecting the threat landscape to deteriorate further over the coming year.

The report also suggested a disconnect between the size and scope of companies' data environments and their ability to manage data security risks, with 88% indicating that their risk has increased at a faster rate than their data growth. On top of this, fewer than a quarter of respondents fully trusted their firm's cyber resilience strategy and its ability to contend with today’s increasing cyber threats.

Delving into the specifics, none of the participants stated their company could recover data and reinstate business operations within a day, while a meagre 4% declared they could recover within one to three days. Consequently, an astonishing 92% conceded that their company would consider paying a ransom to reboot their operations, and almost two thirds were willing to pay over US$3 million to expedite the recovery process.

Michael Alp, Managing Director of Cohesity Australia & New Zealand, observes that "What is alarming is that over 8 in 10 have paid a ransom, breaking their do not pay policies […] often because they can't recover their data and restore business processes, or do so fast enough."

The study highlights a need for greater executive responsibility and awareness concerning data security. A mere 36% of respondents had confidence that their senior management and executives fully grasped the severe risks of data protection. The majority concurred that senior management (C-Level) should share the liability for their company's data security scheme, whilst 68% believed their company's CIO and CISO could be more aligned.

Further, respondents expressed grave concerns over how breaches contribute to a decrease in share prices, damage to brand reputation, loss of stakeholder trust, and a direct impact on revenue. When asked about the fallout from such attacks, it was suggested that existing customers, the IT team, third-party associates, and employees bear the brunt of the effects.

The investigation also detected concerning deficiencies in corporate efforts towards cyber resilience and adherence to data security best practices in light of regulatory requirements. Astonishingly, fewer than half of the businesses surveyed stated that government initiatives, legislation and regulations have been instrumental in directing their data management protocols. Alp advises that "The security risks to a company's data and operational continuity should be what drives their data management, security, and recovery practices."