The potential direct economic loss due to cybersecurity incidents for Australian businesses can hit A$29 billion per year, the equivalent of 1.9% of Australia’s GDP, according to a new Microsoft commissioned Frost & Sulivan study.
Microsoft said fear and doubt around cybersecurity incidents were undermining Australian organisations’ willingness to seize opportunities associated with the buoyant digital economy, with 66% of respondents saying their enterprise had shelved plans for digital transformation due to the fear of cyber-risks.
While ransomware and DDoS attacks have dominated headlines in recent times, the study found that online brand impersonation, remote code execution and data corruption were actually the bigger concern as they have the highest impact on business with the slowest recovery time.
The Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report defines direct costs as tangible losses in revenue, decreased profitability and fines, lawsuits and remediation.
According to Microsoft, it aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region, highlighting key ommissions in organisations’ cybersecurity strategies.
The study found that more than half of the organisations surveyed in Australia had experienced a cybersecurity incident (55%) in the last five months, while 1 in 5 companies polled were not sure if they had or not, as they hadn’t performed adequate forensics or a data breach assessment.
“The number of organisations that have experienced a cybersecurity incident, although large, is not particularly surprising given the increased rate of cybersecurity attacks we’re seeing annually,” said Tom Daemen, Microsoft ANZ Director of Corporate, Legal and External Affairs.
“However, the finding that 1 in 5 Australian businesses are not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.”
The true cost of cybersecurity incidents for organisations
The study also revealed that large organisations with more than 500 employees)in Australia can cop an economic loss of A$35.9 million if a breach occurs. The economic loss is calculated from direct costs, indirect costs – including customer churn and reputation damage – as well as induced costs; the impact of cyber breaches on the broader ecosystem and economy, such as declining consumer and enterprise spending.
“Although the direct losses from cybersecurity breaches are most visible, they are just the tip of the iceberg,” said Frost & Sullivan VP and APAC Head of Enterprise Edison Yu. “There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.”
Daemen noted his concern about the fact that two-thirds of Australian organisations were postponing digital transformation efforts, given that digital transformation is expected to contribute A$45 billion to Australia’s economy by 2021.
“To combat this, we need to be instilling a data culture throughout organisations,” he urged. “Data management needs to be prioritised in the boardroom as a strategic focus. Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is – and push forward with digital transformation initiatives.”
“The ever-changing threat environment is challenging, but there are ways to be more effective using the right technology and instilling the right culture,” said Daemen.
Artifical Intelligence is the next frontier in cybersecurity defence
In addition, the survey showed that AI is shaping up to be a powerful opponent against attacks as it can detect and act on threat vectors based on data insights. The study found that four in five (84%) organisations in Australia had either adopted or were looking to adopt an AI approach towards beefing up cybersecurity.
“An AI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organisations to fix or strengthen their security posture before problems emerge,” said Microsoft.
“It will also grant companies with the capabilities to accomplish tasks, such as identifying cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organisations’ cybersecurity strategy.”
The study involved a survey conducted with 1,300 respondents from 13 markets – Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand.
All respondents are business and IT decision-makers involved in shaping their organisations’ cybersecurity strategies. 44% of them being business decision-makers, including CEOs, COOs and Directors, while 56% are IT decision-makers, including CIOs, CISO and IT Directors. 29% of participants are from mid-sized organisations (250 to 499 staff); and 71% are from large-sized organisations (more than 500 staff).