In 2021, Australia ranked fourth regarding cybercrime per capita. Over the year 2022-2023, the Australian Cyber Security Centre recorded 94,000 cybercrime reports, representing a 23% increase from the previous year.
As contributing factors to a global increase in cyber risks, an Industry Advisory Committee mentioned the adoption of new technologies and increased online presence through work-from home.
Damaging attacks
Those attacks are particularly damaging when they involve ransomware. A lot of Australian would remember when, in September 2022, Telecommunication giant Optus and its 9.8 million customers were victims of a cyber-attack. Hackers gained access to personal information such as customers’ phone numbers, medical records, or addresses. They threated to progressively reveal them if a A$1.5m ransom wasn’t paid to them. This demand was then withdrawn by its authors.
Home Affairs Minister Clare O’Neil confirmed later the government was examining the idea of a bill prohibiting companies from paying ransoms in order to discourage such large-scale attacks.
In 2022-2023, the average cost per cybercrime was over $46,000 for small businesses, $97,200 for medium businesses, and over $71,600 for large businesses. An average increase of 14% from the previous year.
Although bigger companies are more likely to be targeted, these attacks are usually even more damaging for smaller companies with less defences and possibilities to bounce back.
Bolstering defences
Talking to 9News, Minister O’Neil underlined the need for private citizens to increase their vigilance (not using the same password twice or enabling two factor authentication when possible).
“Australians citizens need to change. But businesses and government need to step up to”, she said.
According to Mike Bareja and Alexandra Caples in The Strategist, this vulnerability also stems from miscommunication between stakeholder: “Information asymmetries between consumers, companies and governments make stopping threats and responding to incidents slow, ineffective and expensive.”
Multiple reasons can explain why some companies do not report cyber-crimes to the government, notably reputational risks, the fear of a share-price drop, or potential legal downfall. As such, the Australian government as introduced the mandatory reporting of ransomware attacks, which represent around 10% of cyber incidents.
With some businesses also not conducting cyber safety check, the government will fund cyber health check for them. The Federal Government is to invest at least A$586 million into the cyber capabilities of the country. notably via “Operation Aquila”, increasing means for a specific cyber security task force in the Federal Police. This funding comes on top of over 2.3 billion going to cybersecurity according to the ABC.
Overall, the government ambitions for Australia to be a cybersecurity world leader by 2030, therefore having a consequent gap to fill.
Comentarios