Businesses must return to a proactive approach to combat rising cyber criminal activity, says the firm.
C-suites must refocus on security as cyber threats rise: BDO
Business executives must refocus on cyber governance after BDO found an increase in cyber criminals targeting customer and employee records.
Revealed as part of BDO’s Cyber Security Report, cyber attacks on business records grew by 70 per cent in Australia and 54 per cent in New Zealand since 2021.
The report also found attacks damaging brand and business reputation rose by 40 per cent across the same period.
BDO’s national cyber security leader Leon Fouche said cyber criminals have shifted their focus from causing system outages to data breaches and ransom demands instead, which are more costly due to reputational impacts and regulatory fines.
“Today, we cannot see a cyber attack as a possibility, rather expect to be attacked and have a plan and infrastructure in place to protect yourself,” said Mr Fouche.
“The reputational risk far outweighs any ransom that may be paid, with many large organisations still recovering from attacks years after.”
He said the recent report depicted a changed approach to cyber attacks from businesses including a decline in companies’ executive focus on cyber governance despite the increased level of cyber attacks on companies in 2022.
“Our data from this year’s report paints a different picture. Despite multiple cyber attacks on high profile companies in 2022, which resulted in widespread data breaches affecting millions of Australians and New Zealanders, we see a decline in senior leadership’s emphasis on cyber governance,” said Mr Fouche.
The report found the reduction in firms’ leadership focus on cyber governance corresponded with a decline in businesses’ confidence to respond to an incident.
“Although we saw increased confidence from 2020–2021 to respond to an attack, this past year we saw a substantial drop in response confidence, down by 18 per cent,” he said.
“A lack of confidence will only hinder an organisation’s ability to effectively mitigate cyber risk and recover from the incident. It is crucial that companies address the underlying challenges that are getting in the way of their ability to respond and mitigate.”
The report also revealed a 17 per cent increase in the number of organisations that experienced one or more cyber security incidents that had a detrimental impact on their operations.
“The next 12 months will present formidable challenges in the digital world. We have traditional threats, like ransomware attacks, that will likely persist as evidenced by the last seven years of survey data, accompanied by an increase in crypto-mining malware and phishing,” said Mr Fouche.
“On top of that we have cyber criminals learning to automate their attacks using artificial intelligence and machine learning, which will make attacks more complex, targeted and harder to defend against.”
Mr Fouche said the expanded complexity and increased frequency of the cyber attacks means the C-suite of Australian businesses need to shift their focus back to cyber resilience and prioritise investment in quality security infrastructure and proactive threat detection systems.
“Proactive C-suite involvement through governance and oversight of cyber systems and processes is essential to ensure companies are prepared.”
“Companies must remain vigilant and continually adopt their security strategies – these criminals are only getting smarter and they are not going away,” he said.
“Furthermore, as businesses continue to outsource products and services, it is more critical than ever to have a clear understanding of supply chain risk, that is where data is stored and ensure clear oversight of security implemented by third parties.”
“This is no doubt a challenging period of business with economic pressures pushing down and squeezing budgets at a time when significant investment in cyber government is crucial to defend against cyber criminals who now have the advantage of automating their work.”
“Being cyber resilient involves accepting this reality and putting a plan in place to respond.”