Story image

Organisations spending more as cyberattacks increase

A new study has found cyberattacks are on the rise for Australian organisations, with findings showing an 18% increase in the number of security breaches in 2018. 

Accenture's 2019 Cost of Cybercrime Study, published by Accenture and Ponemon Institute, was based on interviews with more than 2,600 security and IT professionals at 355 organisations worldwide. 

The study has revealed Australian companies experienced an average of 65 security breaches last year, compared to the 2017 average of 53 security breaches. 

According to the report, the cost of cybercrime is increasing, with Australian companies spending US$6.9 million on cybersecurity related expenditure. This is a 26% jump from 2018, higher than Germany at 18% and lower than the UK at 31%.

The research also shows individual incidents are becoming more expensive to companies, with the cost of ransomware attacks increasing by 40% in Australia from 2017-2018, from US$56,500 to US$89,433.

Australian businesses were found to have the largest increase in cybercrime driven by people-based attacks, with a 33% growth in cyberattacks from these methods. Phishing incidents rose by 13%, attacks generated from stolen devices by 11% and ransomware by 9%. However, despite the increased threat and instances of these attacks, budgets for these people-based attacks have not been elevated accordingly, only seeing an incremental increase from 11% to 14% in 2018.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities, i.e., incident-response activities designed to prevent similar attacks and efforts to reduce business disruption and the loss of customers.

"Despite our remote location, Australia has not escaped the impact of some major global ransomware attacks in the last 12 months, with many businesses falling victim to NotPetya and WannaCry, which had a considerable impact on cybersecurity expenditure," explains Joseph Failla, Accenture's security lead in Australia and New Zealand.

"As public and private Australia, across all industries, becomes increasingly digitised, the threat landscape is increasing and leaving us more vulnerable," he says. 

Failla says Australian businesses must understand where they can gain value in their cybersecurity efforts to improve their cyber resilience, minimising risk and even preventing future attacks.

"The continued lack of investment in artificial intelligence, machine learning and automated technologies is concerning, especially as they represent the most value," he says. 

Despite an increase in cybercrime, the research reveals that most types of cyberattacks are taking less time to resolve, demonstrating that capabilities are improving. 

According to the research, malicious code attacks are now taking 20% less time to resolve. The deployment of automation, machine learning and artificial intelligence technologies remains low (35% and 34% in Australia respectively), however these deliver the largest cost savings - up to US$2,670,000 when fully deployed.

Other notable findings of the study include:

  • Australian companies are spending the most on discovery (35%) and the least on recovery activities (20%)
  • Information loss remains the most expensive consequence of a cybercrime in Australia (43%) followed by business disruption (32%).
  • Globally, banks and utilities companies continue to have the largest cost of cybercrime by industry, globally (US$18.37 million and US$17.84 million respectively)
  • Globally, the average cost of cybercrime for an organisation increases from US$1.4 million to US$13 million over five years.
  • The economic value at risk due to cyberattacks over the next five years is US$5.2 trillion globally.