In 2020, there was a global shift in the way organisations do business, with digital progress that had been expected to take years occurring in months.
These changes have sparked a ‘cyber reality check’ that provides a timely reminder of the dangers as well as the opportunities on offer in an increasingly digital world.
For the fifth year in a row, the 2020 BDO and AusCERT Cyber Security Survey sought to identify the finer details of these digital shifts and find out whether Australian and New Zealand business leaders had changed their cybersecurity priorities.
Shifting attitudes to cyber
The survey results showed a definite change in attitudes among organisational leaders when it came to cybersecurity preparedness. The events of 2020 were a ‘cyber reality check’.
Many organisations increased investment in IT and cyber controls to manage the risk introduced by the rapid adoption of cloud and remote working solutions. Yet, even the leaders of these organisations quickly realised they weren’t as prepared for cyber risk as they thought they were. As a result, cyber risk reporting to boards rose by 18 per cent to meet the demand from leaders for greater insight into their organisation’s cybersecurity landscape.
In Australia and New Zealand, many respondents now recognise that cybersecurity is not a set-and-forget issue.
BDO Digital & Technology Advisory National Leader, Nick Kervin, says “our experiences in 2020 emphasised that cyber is a business imperative, not just an IT issue”.
“It requires constant oversight, investment and improvement to manage risks.”
This reality check is what the industry needed: it was likely a key factor in the significant increase in cyber controls adopted by respondents during 2020, including security education and awareness training for staff and increased IT resources.
Unfortunately, many respondents were still overconfident and underprepared when it came to managing their cyber risk, making them susceptible to attack.
Each year, the survey identifies the top five controls organisations invest in. This year, respondents who implemented those top five controls experienced almost a third fewer incidents than those without, and they were 121 per cent more likely to report complete alignment between their cyber capability and business strategy.
Interestingly, the incidents discovered by respondents without the top five controls had more significant impacts.
Organisations without the top five controls were almost four times as likely to need to pay a cyber ransom, more than twice as likely to lose access to systems and data following a cyber incident and almost twice as likely to have employee records compromised in a data breach.
Industries also had to be flexible in how they operate, including facilitating a remote workforce.
“It’s no surprise the types of incidents experienced have changed, with more people working from home than ever before… data breaches have doubled and ransomware is on the decline compared to the previous year,” Kervin says.
Respondents indicated a significant increase in data breaches caused by malicious hacking and accidental disclosures by staff, which can be attributed to IT support challenges during remote working and a lack of preparedness for increased cyberattacks.
The Australian Government’s 2020 Cyber Security Strategy highlighted the threat of foreign interference and state-sponsored cyberattacks.
Respondents to the BDO and AusCERT survey indicated that nation-state attacks remained active, with these attacks rising by 40 per cent since last year and doubling since 2016.
In 2020, respondents saw more suspected nation-state activity than ever before.
Given the increased interest from foreign governments, our supply chains are at greater risk, especially for those respondents who were not cyber-ready before COVID-19.
These findings highlight the importance of conducting third party risk assessments to build resilience through our supply chains, something that has been a driving factor in the Australian Government’s push to secure our critical infrastructure sectors.
Adaptation is key to winning the battle
With the pandemic continuing to present a range of unique challenges, Kervin says the cyber risk landscape will continue to change.
“Business owners and leaders need to stay on top of the cyber risks within their organisations and implement appropriate strategies to mitigate these”, he says.
“The 2020 Cyber Security Survey Report allows you to benchmark your approach against industry peers, by equipping you with trend data to assess your organisation’s strengths and weaknesses and help you stay ahead of the curve.”