This is the first time external attackers have trumped trusted insiders as the likely source of a cyberattack in 17 years, according to EY.
Despite 80 per cent of Australian companies believing they face an increased threat of cyberattack, more than half (51 per cent) believe their organisation does not have the systems in place to detect a sophisticated attack.
EY’s Global Information Security Survey (GISS) found companies are lacking the agility, the budget and the skills to mitigate known vulnerabilities and successfully address cybersecurity.
More than 50 per cent of respondents said that their organisation’s total information security budget will stay approximately the same or decrease in the coming 12 months despite threats.
More than a third (34 per cent) of organisations have no real time insight on cyber risks and more than half (55 per cent) say that a lack of skilled resources is one of the main obstacles challenging their information security program with only 17 per cent meeting all security operations requirements in house.
EY’s Oceania Information Security leader Mike Trovato said the government has a critical role to play in supporting businesses to defend themselves from cyber-attacks.
“We are living in a cyber-ecosystem where threats are coming from more and more resourceful and well-funded sources,” Mr Trovato said.
“While organisations need to do a better job of anticipating attacks because of the serious and sometimes catastrophic breaches of critical corporate and personal information, we have to think more broadly about organisational resilience,” he said.
“Today it is too easy to blame business or government neglect, the media, computer users, or IT systems developers, and operators for the epidemic of cybercrime.
“Nor can we just say those that have fallen victim are just the unlucky, that this will maybe happen to us all.
“The genie is out of the bottle – and we can’t put it back, we all have to learn to adapt or perish.”
Last month, PwC highlighted the “severe and present danger” of cyber risks pertinent to accountants, including those in small business.
“It definitely applies to accountants. Nobody is immune. It’s such a connected network today, the risk is so ubiquitous.
“A lot of the smaller accounting firms would think that they’re just a small operation and they wouldn’t be of interest to a foreign government, or to an active competitor, or organised crime or a hacktivist.
“But in fact they could well be, and they could be an easier target.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.