A 2020 cyber-security survey released by BDO and AusCERT on Tuesday highlighted a failure among organisations to identify the cyber-security risks posed by rapid digitisation, as the rate of data breaches more than doubled year-on-year.
“While we have seen significant improvements in cyber security and awareness across Australian and New Zealand organisations as a result of the pandemic, the majority still fail to interpret their threat landscape accurately,” said Leon Fouche, national cyber-security adviser at BDO.
“Many organisations don’t understand which adversaries are targeting them, what assets they seek to compromise, and how they will do so.”
The survey found that data breaches through 2020 more than doubled compared with the previous year, with malicious hacking increasing by 91 per cent while accidental disclosures by staff rose almost 60 per cent.
Last year emerged as an unprecedented digital test for businesses, Mr Fouche said, as industries and governments were forced to make years of digital progress over the course of a few months, highlighting serious risks for those who didn’t have adequate cyber-security measures in place before moving to digitise.
“Never before has the modern world seen such a rapid, global rush to digitise business practices,” Mr Fouche said. “Boards are now more cyber engaged than ever before, and more chief information security officers are being appointed.”
As a result, cyber-security concerns are rising at a board level, according to the report, which highlighted an 11 per cent increase in the appointment of chief information security officers in 2020, and a rise of cyber-risk reporting, up by 18 per cent.
However, respondents reported being less concerned with accidental disclosure than in previous years, despite accidental disclosures accounting for a significant portion of all incidents.
“These predictions suggest many organisations don’t understand their cyber threats and risks,” Mr Fouche said, “which could mean they are focusing their cyber investment in areas they potentially won’t need, and under-investing in the areas they will.”
One of these vulnerable areas are supply chains, which are more than 50 per cent likely to be exposed to cyber threats, according to the survey. For businesses operating without cyber-security measures in place, reports of supply chain breaches more than tripled over the same period.
“Our findings highlight the importance of third-party risk assessments to build resilience through supply chains,” Mr Fouche said. “The rise in third-party breaches is not surprising and has been on the radar of cyber decision-makers for a long time.”
In the wake of the pandemic, and the surging rate of cyber attacks that accompanied it, organisations are coming to terms with the need for ongoing cyber-security measures, Mr Fouche said.
“Now, more than ever, Australian and New Zealand organisations understand the importance of clear, ongoing visibility into their cyber threats and risks, and that cyber security cannot be just an IT issue,” the cyber-security adviser said. “It is a whole-of-business issue.”
John Buckley is a journalist at Accountants Daily.
Before joining the team in 2021, John worked at The Sydney Morning Herald. His reporting has featured in a range of outlets including The Washington Post, The Age, and The Saturday Paper.