The direct economic loss from cyber attacks on Australian businesses could reach as much as AU$29 billion per year – the equivalent of 1.9% of the country's entire GDP.
What's more, 20% of Australian companies aren't sure if they have experienced a cybersecurity incident in the last five months because they haven't checked properly.
For each Australian organisation with more than 500 employees, it could face a direct loss of AU$35.9 million.
These are some of the statistics from a new report by Frost - Sullivan and commissioned by Microsoft, which says direct losses from cyber attacks can result in revenue loss, decreased profitability, fines, lawsuits, and remediation.
The report, titled Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, polled 1300 people from 13 countries including Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand.
More than half (55%) of Australian respondents have experienced a cybersecurity incidents in the last five months. The 20% that don't know if they have been affected haven't conducted proper forensics or a data breach assessment, the report claims.
Microsoft's director of Corporate, Legal and External Affairs, Tom Daemen, says a large number of organisations have been affected, but it's not surprising given the number of attacks that occur every year.
"However, the finding that one in five Australian businesses are not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.
Beyond the statistics that show the devastating costs of a breach, the report says that fear and doubt surrounding cybersecurity issues is undermining Australians' willingness to cash on in the digital economy. 66% say their enterprise has postponed digital transformation efforts due to cyber risks.
“Although the direct losses from cybersecurity breaches are most visible, they are just the tip of the iceberg,” comments Frost - Sullivan VP and Asia Pacific head of Enterprise, Edison Yu.
“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.
Yu notes that digital transformation is expected to add $45 billion to Australia's economy in 2021 so it's concerning that so many organisations are postponing their efforts.
“Data management needs to be prioritised in the boardroom as a strategic focus. Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is – and push forward with digital transformation initiatives.
AI in cybersecurity is also proving to be popular, according to the report. 84% of Australian organisations have adopted or will adopt an AI approach to cybersecurity.
Respondents are also concerned about online brand impersonation, remote code execution and data corruption are of top concern as they have a high business impact and slow recovery time.
“The ever-changing threat environment is challenging, but there are ways to be more effective using the right technology and instilling the right culture,” Daemen concludes.