New research from BDO has found Australian companies are unaware of the cyber security threats they're facing, despite becoming more sophisticated in how they manage the issue more broadly.
Those findings come at an important time for many businesses across the country, who have begun to embrace remote working in response to the COVID-19 pandemic.
The accounting and consultancy firm's survey, which was completed by 500 board members and executives across Australia, found encouraging signs in how businesses approached cyber security risks overall, embracing organisation-wide procedures over off-the-shelf solutions.
That was alongside other positive moves, including a growth in the number of chief information security officer roles, which increased by 46 per cent in 2019 compared to 2018, and a greater uptake in cyber insurance, which increased by 31 per cent.
“Decision makers are focusing less on ‘silver-bullet’ technology solutions and more on establishing enterprise-wide processes to better prepare their companies for cyber incidents,” BDO cyber security leader Leon Fouche said.
“Our latest research shows companies with more senior stakeholders involved in cyber security adopt a more holistic approach to effectively managing cyber risk – and it’s paying off.”
While those results signified businesses were getting better at implementing cyber security measures, many were unaware of what incidents were likely to affect them in the coming year.
For example, phishing incidents were found to be 30 per cent more common than surveyed businesses expected, while threats from insiders were found to be twice as common as expected.
And though businesses expected insider threats to grow by just 10 per cent this year, BDO projected them to increase by 40 per cent.
“Companies face a range of cyber security threats that originate both externally and internally,” Mr Fouche said.
“Over time, these threats change, as do the technologies used and the motivations of the adversaries.”
“There’s no one-size-fits-all approach to preparing for cyber threats.
“Most insider threats are not necessarily malicious and more commonly the result of human error, however, this internal threat cannot be underestimated.”
Those findings were worrying, Mr Fouche said, as an increase in remote working portended businesses having a greater reliance on their cyber capabilities in the future.
“As people do more work on their personal devices and companies adopt flexible working arrangements, our reliance on people working from a traditional office setting is decreasing,” he said.
“People are accessing company data 24/7, on the go, from a range of devices – making it easier than ever to access.
“As the way we work changes, the complexities in companies identifying and addressing cyber security become more complex.”
The report went on to suggest that, if businesses were to have a CISO, a security operations centre, a cyber security awareness program for staff, third party risk assessments as well as incident response plans, they would experience 31 per cent fewer incidents and face fewer cyber risk management challenges overall.
“As the complexity and extent of digital capabilities grow, so too does our dependence on them,” Mr Fouche said.
“As companies seek to capitalise on the opportunities of 2020 and beyond, they must also be prepared to defend against the threats that our reliance on technology has brought.”