BAE Systems Applied Intelligence has revealed new research highlighting the reaction of Australian businesses to recent high-profile international cyber attacks. The research, which was conducted earlier this month, reveals that a substantial proportion of Australian respondents (64 per cent) said their businesses had increased their cyber security budget following a series of attacks on international businesses, including banks and major companies such as US retail giants Target, in December 2013 and January 2014. This suggests that Australian businesses are reacting strongly to the growing threat presented by digital criminality.
The latest findings come as BAE Systems Applied Intelligence releases a new report, Business and the Cyber Threat: The Rise of Digital Criminality based on wider research into international businesses’ concerns and opinion around the cyber threat.1 The research shows that the vast majority of Australian respondents (84 per cent) expect the number of targeted cyber attacks to increase over the next two years. Businesses are most worried about organised groups of fraudsters attacking their organisation (53 per cent). Loss of customer data was identified by 55 per cent of respondents as their greatest concern in the event of a cyber breach, despite increasing legislation across the Asia-Pacific region, aimed at improving the protection of consumer data.
In spite of the strong response to recent attacks, Australian respondents’ confidence that their companies were well equipped to prevent targeted cyber attacks was lower than in the other countries surveyed (84per cent of respondents compared to 92 per cent in Canada and 90 per cent in the UK, and 87 per cent in the US). This was even more marked when respondents were asked about their confidence in their wider sector’s ability to prevent attacks, with 27 per cent of Australian respondents saying they were not confident in their sector, compared to 20 per cent of the international survey group as a whole.
It was also worrying to note that one in four Australian respondents thinks that their Board does not yet fully appreciate the risk posed by targeted cyber attacks, and that 39 per cent of Australian respondents said they either did not have, or were not aware of, a crisis response plan in the event of an attack. This suggests that there might still be a need for further education on the issues that can arise from an attack.
Richard Watson, Managing Director Asia Pacific and Middle East, BAE Systems Applied Intelligence, said:
“The research shows that Australian businesses are increasingly aware of the threat of digital criminality. However, they need to remain vigilant about the risks and possibilities of being under cyber attack. Cyber criminals are highly sophisticated, constantly finding new ways to steal an organisation’s valuable information, and targeting companies through a growing number of channels. Businesses cannot ignore this threat and have to take action to protect their business and customers. It is therefore encouraging to see that Australian businesses are taking steps to respond to these challenges and are starting to understand that cyber crime is no longer just an IT problem, but a business wide challenge.”
The research also found that Australian businesses recognised that they face increasing exposure to cyber threats as they adapt business practices to keep pace with the hyper-connected world. For example, 78 per cent of Australian respondents thought that the use of mobile technologies presented a significant cyber risk, and 69 per cent thought that critical operating systems represented a significant cyber threat to their business.2 Australian respondents were less likely to say that they were confident that their businesses understood the cyber risks presented by these new business practices – for example only 12 per cent said they were extremely confident their organisation understood the risks presented by supply chain partners, compared to 22 per cent of respondents in the UK and 19 per cent in the US.
Richard Watson, Managing Director Asia Pacific and Middle East, BAE Systems Applied Intelligence, continued:
“BAE Systems Applied Intelligence has seen a marked increase over the last year in attacks on supply chain targets such as professional services companies, legal firms, IT outsourcers, marketing agencies or other third-party advisors and companies. It’s vitally important that companies are aware of the increased threat and develop effective strategies to protect themselves and their customers as well as possible.”
Further key Australian findings of the research include:
· Confidence: The vast majority of Australian respondents (84 per cent) were confident in their organisation’s ability to prevent targeted cyber attacks. Only 71 per cent were confident in the ability of their industrial sector as a whole to prevent attacks.
· Concern: when asked what they were most concerned about in the event of a successful attack, the most common responses were loss of customer data (55 per cent of global respondents), theft of intellectual property (43 per cent) and reputational damage (33 per cent).
· Convergence: Organised groups of fraudsters were identified by 55 per cent of international respondents as the most likely group to mount targeted cyber attacks. 10 out of the 11 Australian respondents who had encountered cyber-enabled fraud expect cyber to play a greater role in financial fraud in the future.
· Crisis plans: 39 per cent of Australian organisations surveyed still did not have, or were unaware of, crisis plans in the event of a cyber attack on their company. Of those respondents who did have crisis plans, 55 per cent thought their companies’ plans were not well publicised.
· Change: Majority of respondents internationally think that new business practices such as greater use of mobile technologies (71 per cent of respondents) and critical operating systems (69 per cent) represent a significant cyber risk to their organisation.
The full report can be found at: http://www.baesystems.com/ai/cyberthreat