Login
iscover
Australian businesses are less equipped to respond to cyber attacks compared with their global counterparts, RSM research reveals.
Newsletter
Australian businesses lack confidence in cyber security: RSM research
17 October 2024
•
12 minute read
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Research from RSM Australia highlighted a lack of cyber attack preparation across Australian businesses compared to US and UK counterparts.
The RSM report, Cyber storm rising: navigating the path to resilience for Australian businesses, surveyed 150 C-suite executives.
The results showed that only 50 per cent of business leaders were confident in the capacity of their staff to tackle cyber security risks effectively, compared to 84 per cent of US and UK leaders.
The report noted “a concerning gap in preparedness and capacity of Australian businesses to effectively anticipate and respond to cyber attacks” compared to global counterparts.
It was revealed only one in three large organisations in Australia had a level of high confidence in their staff’s ability to handle breaches.
RSM Australia security and privacy partner Ashwin Pal said the firm joined its US and UK counterparts in researching how business leaders approached cyber security.
==
==
“While almost two-thirds of Australian businesses feel they are prepared and are gearing up to respond to cyber threats, this is mostly driven by large businesses and there is an opportunity to improve cyber readiness for businesses of all sizes,” he said.
“You only have to look at the Optus and Medibank breaches (both in 2022) to see that even large organisations haven’t been getting the basics right, let alone smaller organisations with fewer resources.”
According to the Australian Signals Directorate data, Australian businesses are hit by a cyber attack every six minutes and 94,000 cyber crime reports were recorded in the 2022–2023 financial year.
The RSM data showed that 29 per cent of large businesses and 16 per cent of medium businesses experienced one or more cyber attacks in the past 12 months.
It was also found that 46 per cent of large organisations experienced a phishing attempt, with 42 per cent of firms’ existing security plans unsuccessful in limiting the damage related to direct data extraction.
Pal said that based on findings, Australian businesses should understand the threat environment and develop best practice mitigation strategies.
“There’s an urgent need for Australian organisations of all sizes to invest in risk management, tailored security measures and regular testing to get prepared for the next major glitch, outage or attack,” he said.
“Our research shows almost half large organisations have done no internal testing and more than half have not tested their wifi or web applications or done the external testing, which means they are extremely vulnerable to attack.”
The report also revealed only one-quarter of large Australian firms and 58 per cent of medium-sized firms did not have cyber insurance.
Fifty-one per cent of businesses said they would make protection against AI-enabled cyber-attacks their top priority, followed by protection against ransomware attacks and extortion attacks.
Businesses said the top three cyber risks were the constantly evolving threat landscape, complexity of IT infrastructure, lack of staff compliance and insufficient staff training.
Pal said regular testing is essential for identifying and fixing gaps in incident response and business continuity plans.
“The need for robust cyber security preparation must be a top priority for any organisation, or they will face serious negative financial and reputational consequences,” Pal said.
“Without rigorous testing, organisations may overestimate their level of preparedness, leading to disastrous outcomes during actual cyber incidents.”
RSM Australia security and privacy risk partner Darren Booth warned Australian businesses were still operating with a mindset of apathy and complacency.
Positively, the results showed that 89 per cent of large organisations had increased their investment in cyber security in the past 12 months.
“Clear communication of risks and incentivising proactive risk management through KPIs are part of the shift in mindset required for Australian organisations,” Booth said.
“The increased investment is promising but more needs to be done to decrease the risk and consequences of the attack.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.