While security is now firmly on the agenda for senior leaders across Australia and businesses are better prepared than ever to address cyber-attacks, the threat of data breaches is accelerating and new legislation requires even greater vigilance according to the findings of the 2019 Telstra Security Report.
Based on interviews with 1,298 security decision makers across 13 countries, the report found that Australian businesses are set to increase their security budgets beyond their $900,000 average spend for 2018 in response to mounting cyber security challenges.
In its fourth year, the report also found that one in two Australian businesses had been fined for being in breach of new legislation in the past two years, and two-thirds of Australian companies surveyed had been the victim of a security breach in the past year.
What has become clear is that cyber security is no longer about trying to prevent breaches, it’s about accepting that they will occur and managing them carefully to minimise their impact.
Human error and data breaches persist as major hazards
While new threats continue to emerge, the research found that traditional challenges facing Australian businesses remain key concerns.
Human error – often caused by inadequate business processes and employees not understanding their organisation’s security policies – was the highest risk to IT security identified by 36 per cent of respondents.
The number one challenge for Australian businesses in managing security, however, was the ability to detect and effectively respond to data breaches in a timely manner.
Australian businesses are faster at detecting breaches than their international counterparts – 62 per cent of respondents said they can do this in minutes or hours compared to 50 per cent globally – but organisations still take too long to detect and contain a breach.
One concerning finding was that 19 per cent of Australian businesses estimated that more than half of all data breaches went undetected altogether in the past year, despite 74 per cent of respondents believing they have systems in place to detect a breach as it occurs.
Ransomware remains an ongoing threat
Ransomware attacks were just as prevalent this year as last, but it is encouraging to note that most potential victims have adopted safeguards against such attacks.
The frequency of attacks continues to cause significant disruption for some businesses – 32 per cent of Australian businesses that reported a security incident in the past year said that interruptions from ransomware occurred on a weekly or monthly basis.
More than half of the businesses that reported a ransomware attack also reported that they paid the ransom, up from 47 per cent of respondents in the previous year.
Increasingly, however, paying the ransom does not guarantee a retrieval of data. Of those that paid the ransom, 77 per cent were able to retrieve the data, compared with 86 per cent the year before.
Customer privacy concerns increase
Against a backdrop of more frequent and sophisticated attacks and the introduction of new regulations that force the public disclosure of breaches, companies are now more aware of the threat of reputational damage and the erosion of customer trust caused by cyber breaches.
It is no surprise that our research found that customer concern around data privacy is also on the increase in Australia and globally.
As more devices become connected and new technologies and use cases are implemented across businesses, managing cyber and electronic security now has a much broader scope than in past years.
Cybersecurity isn’t just about selling technology, it’s also about process management and educating employees. That’s why Telstra helps organisations carry out vulnerability testing, compliance and risk assessments, and has opened purpose-built security operations centres in Sydney and Melbourne to meet the special security requirements of our customers.
With the continuance of traditional challenges, and the increase in regularity and sophistication of security threats, leaders have had no option than to shift to an expectation of breach mentality. This means they must continue to step up to ensure they have the technology and practices in place to protect themselves and their customers as they operate in this increasingly connected world.
Download the 2019 Telstra Security Report below.