SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Australians have mixed feelings on cybersecurity priorities according to new PWC research
Thu, 2nd Dec 2021
FYI, this story is more than a year old

Australians have been found to have seemingly mixed priorities when it comes to cybersecurity, a new study by PWC has revealed.

The results have shown that the protection of essential services is low on consumers' agenda, with their own personal privacy being one of the main overriding factors that took precedence.

2000 respondents were asked a range of questions around cybersecurity and essential services. The overall aim was to gauge their understanding of the country's critical infrastructure assets and how it impacts consumers' everyday lives.

Surprisingly, 42% of people surveyed were just as concerned about a cyberattack involving their sensitive personal data being stolen as they were about a cyberattack that disables an essential service (41%).

Youth ages 18 to 42 were more likely to prioritise personal information breaches over essential services breaches, whereas those over 65 were generally the opposite.

Location seemed to be a factor as well, with Australians living in regional and rural areas choosing continued access to essential services over data privacy compared to those in capital cities.

The results also reflected heavily on brand trust. Over 60% of survey participants said they would consider changing providers if they were impacted by a cyberattack that affected their essential service.

The younger demographic tended to be less trustworthy of brands in general in the event of a cyberattack, and the company believes the older demographic may have built up trust over time.

Sentiments between genders were similar, but the main gap came between males and females aged 18-24. Nearly 80% of males in this category said they would consider changing providers if they were impacted by a cyberattack that affected their essential service, compared to 64% of females in the same age group.

PwC Australia cybersecurity lead for critical infrastructure Garry Bentlin believes a variety of factors have impacted the data. He says a wide range of personal circumstances and real-world events can change people's perceptions.

"The findings have shown that the protection of our essential services is low on consumers' agenda - possibly due to a lack of understanding or losing sight of priorities. We all know how critical it is to protect our banks since they manage the flow of money between people and businesses, and we expect them to make cybersecurity their top priority.

"But imagine the uproar if our transport network that delivers essential goods was immobilised, or our power grids were attacked by cyber criminals or if our hospital systems were hacked - and what if you had a family member in hospital at the time? It's important for Aussies to understand the real world impacts of these kinds of critical infrastructure attacks."

He also believes that changing technology has only heightened the need for more awareness of cybersecurity from the general public and organisations as a whole.

"We live in a rapidly evolving technology environment and every essential service relies on digitisation, making them vulnerable. While protecting personal data should be a major priority for organisations, it is also vital that they have safeguards in place for improved security and greater resilience against cyber attacks," he says.

"The catastrophic possibility of a successful cyber attack on Australia's critical infrastructure and the consequences of a breach go far further than financial loss. They include the potential for prolonged outages of essential services and, subsequently, impacts on health, safety, and even national security."

Data modelling by PWC estimated direct costs of cyber incidents to businesses to be approximately AUD$10.1 billion, with a loss of GDP through to 2031 to be $114.9 billion.

According to the Australian Cyber Security Centre (ACSC), there was an increase of nearly 13% in cyber incidents in the last financial year.

Bentlin says that it is in the public's best interest to be aware of heightened cyber risk within government infrastructure and the need for greater protection.