Cybercrime is a multi-billion dollar industry. No one is immune. Risk profiling and proactive prevention are requirements for all individuals and organisations.
On 16 May 2016 ASIC released its annual report on “scam activity” for 2015 entitled “Targeting Scams”. For the first time ASIC has been able to collate information from a variety of jurisdictions and agencies that monitor and collate data on cyber crime.
The report highlights that scam activity in Australia alone accounted for $229m in losses in 2015. Small business losses made up a percentage of this loss with a variety of scams reported.
This is just the tip of the iceberg.
Allianz Global Corporate & Specialty in September 2015 published its guide to cyber-risk. It estimated that cybercrime on an annual basis (in US dollars) cost:
- $445 billion – estimated annual cost to the global economy from cyber-crime.
- $200 billion plus – estimated annual cost to the world’s largest four economies – the US, China, Japan and Germany.
- 50% – the top ten economies account for approximately 50% plus of cyber-crime costs.
- $3.8 million – the average cost of data breaches is rising for companies around the world, up from $3.5 million a year earlier.
- $42.8 million – the number of detected cyberattacks skyrocketed during 2014 – up 48% at roughly 117,339 incidents per day.
Allianz reported that the risks business most feared were:
- Data theft and manipulation (64%)
- Loss of reputation (48%)
- Increased threat of persistent hacking (44%)
- Data exfiltration attack (40%)
- Accidental data breach (21%)
- Website hacking (15%)
- Other (13%)
In its recent report, the Australian Strategic Policy Institute ranked Australia fifth out of the twenty countries that were surveyed as to their overall awareness and approach to cyber-risk. This represents a downgrade from the last rating.
Of particular significance is that Australia only rated a 7/10 in respect of policies, security and consumer protection. CompTIA in its May 2016 publication entitled “International Trends in Cybersecurity” reported that 23 percent of organisations surveyed across 12 countries (including Australia) stated that “they had experienced at least one security breach or incident in the past 12 months”.
In March 2015 ASIC released a report entitled “Cyber Resilience Health Check”.
“Cyber resilience is the ability to prepare for, respond to and recover from a cyber-attack. Resilience is more than just preventing or responding to an attack – it also takes into account the ability to operate during, and to adapt and recover from such an event” (page 4).
ASIC identified a number of key steps that any business should consider as part of its cyber strategy. These include:
- What are your cyber risks?
- Is your Board or Senior Management aware of your cyber risks?
- Do you have in place appropriate policies and procedures responding to cyber use, risks and attacks?
- Can you detect a cyber risk/attack?
- If you are the subject of a cyber-attack who do you need to notify (i.e. regulators, clients, etc.)?
- Do you have adequate insurance that responds to a cyber-attack?
- When do you institute your recovery plan?
- How do you deal with reputational damage/loss?
CompTIA reported that only 23 percent of organisations that it surveyed rated “their cyber security education and training methods as extremely effective”. No matter what size your organisation is, you are a potential target. Good governance requires that you consider your risk profile and plan accordingly.
This Alert is intended as an alert only. It does not purport to be comprehensive advice. Readers should seek professional advice before acting in relation to these matters.