accountants daily logo

C-suites must refocus on security as cyber threats rise: BDO


Businesses must return to a proactive approach to combat rising cyber criminal activity, says the firm.

By Josh Needs 10 minute read

Business executives must refocus on cyber governance after BDO found an increase in cyber criminals targeting customer and employee records. 

Revealed as part of BDO’s Cyber Security Report, cyber attacks on business records grew by 70 per cent in Australia and 54 per cent in New Zealand since 2021. 

The report also found attacks damaging brand and business reputation rose by 40 per cent across the same period. 

BDO’s national cyber security leader Leon Fouche said cyber criminals have shifted their focus from causing system outages to data breaches and ransom demands instead, which are more costly due to reputational impacts and regulatory fines. 

“Today, we cannot see a cyber attack as a possibility, rather expect to be attacked and have a plan and infrastructure in place to protect yourself,” said Mr Fouche. 

“The reputational risk far outweighs any ransom that may be paid, with many large organisations still recovering from attacks years after.” 

He said the recent report depicted a changed approach to cyber attacks from businesses including a decline in companies’ executive focus on cyber governance despite the increased level of cyber attacks on companies in 2022.

“Our data from this year’s report paints a different picture. Despite multiple cyber attacks on high profile companies in 2022, which resulted in widespread data breaches affecting millions of Australians and New Zealanders, we see a decline in senior leadership’s emphasis on cyber governance,” said Mr Fouche. 

The report found the reduction in firms’ leadership focus on cyber governance corresponded with a decline in businesses’ confidence to respond to an incident.

“Although we saw increased confidence from 2020–2021 to respond to an attack, this past year we saw a substantial drop in response confidence, down by 18 per cent,” he said. 

“A lack of confidence will only hinder an organisation’s ability to effectively mitigate cyber risk and recover from the incident. It is crucial that companies address the underlying challenges that are getting in the way of their ability to respond and mitigate.” 

The report also revealed a 17 per cent increase in the number of organisations that experienced one or more cyber security incidents that had a detrimental impact on their operations.

“The next 12 months will present formidable challenges in the digital world. We have traditional threats, like ransomware attacks, that will likely persist as evidenced by the last seven years of survey data, accompanied by an increase in crypto-mining malware and phishing,” said Mr Fouche. 

“On top of that we have cyber criminals learning to automate their attacks using artificial intelligence and machine learning, which will make attacks more complex, targeted and harder to defend against.” 

Mr Fouche said the expanded complexity and increased frequency of the cyber attacks means the C-suite of Australian businesses need to shift their focus back to cyber resilience and prioritise investment in quality security infrastructure and proactive threat detection systems.

“Proactive C-suite involvement through governance and oversight of cyber systems and processes is essential to ensure companies are prepared.” 

“Companies must remain vigilant and continually adopt their security strategies – these criminals are only getting smarter and they are not going away,” he said. 

“Furthermore, as businesses continue to outsource products and services, it is more critical than ever to have a clear understanding of supply chain risk, that is where data is stored and ensure clear oversight of security implemented by third parties.”

“This is no doubt a challenging period of business with economic pressures pushing down and squeezing budgets at a time when significant investment in cyber government is crucial to defend against cyber criminals who now have the advantage of automating their work.”

“Being cyber resilient involves accepting this reality and putting a plan in place to respond.” 


You need to be a member to post comments. Become a member for free today!
Josh Needs

Josh Needs


Josh Needs is a journalist at Accountants Daily and SMSF Adviser, which are the leading sources of news, strategy, and educational content for professionals in the accounting and SMSF sectors.

Josh studied journalism at the University of NSW and previously wrote news, feature articles and video reviews for Unsealed 4x4, a specialist offroad motoring website. Since joining the Momentum Media Team in 2022, Josh has written for Accountants Daily and SMSF Adviser.

You can email Josh on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.