Australian businesses are increasingly under threat from malicious cyber attacks and data breaches that leave consumers vulnerable, a new report has revealed.
Data breaches are a growing issue around the world, with the cost to Australian businesses increasing by more than 14 per cent over the past year, research sponsored by IBM Security and conducted by the Ponemon Institute has shown.
The average cost of a data breach to an Australian business soared to more than $3 million in 2018-19, the study found.
Australia lagged behind the US, UK, Canada, ASEAN nations, Germany and South Africa when it came to identifying and containing breaches.
The average time for an Australian business to identify a data breach was 200 days in 2019, with a further 81 days required to contain the threat.
By contrast, businesses in world-leader Germany took an average of 131 days to identify a breach, and 39 days to contain it.
“We see examples where adverse actors have been inside an environment for a number of years,” IBM Asia Pacific X-Force Incident Response and Intelligence Services lead Stephen Burmester said.
“The industry average time [to identify a breach] is 185 days. Here in Australia unfortunately we’re above that average at 200 days.
“It’s not just taking longer to identify, it’s taking longer to contain. All of that is having a big impact on Australia.”
There have been a slew of high-profile data breaches in Australia this year alone.
In January, the work details of 30,000 Victorian public servants was stolen after part of the Victorian Government directory was downloaded by an unknown party.
In June, the Australian National University revealed that hackers had the personal data of staff, students and visitors dating back almost 20 years after breaking into the university’s IT network.
The IBM study found that the odds of data breaches occurring are rapidly increasing.
In 2019, there is a 29.6 per cent chance of an organisation experiencing a data breach within the next two years, up from 22.6 per cent in 2014.
“In other words, organisations today are nearly one-third more likely to experience a breach within two years than they were in 2014,” the report said.
Malicious cyber attacks on the rise
Malicious cyber attacks were responsible for the majority of data breaches, followed by human error, and system glitches.
Since 2014, the share of breaches caused by malicious attacks surged by 21 per cent, increasing from 42 per cent of breaches in 2014 to 51 per cent of breaches in 2019, the study found.
In order to better protect consumer data and contain losses, businesses should be prepared for the “inevitable” occurrence of data breaches, Mr Burmester said.
“It’s not a case of if, but a matter of when,” he said.
“If you’re actually prepared for [data breaches] and you practise you can minimise the cost to your business.”
Data breaches lead to customer ‘churn’
The study showed that consumers care about whether their data is being properly protected by businesses.
The global average customer turnover rate following a data breach in 2019 was 3.9 per cent, an increase from last year’s customer turnover rate of 3.4 per cent.
“In some industries confidence in data security is driving consumer choices,” Mr Burmester said.
“We’re seeing that if a breach occurs, customers churn from one provider to another. So customers are taking this seriously – where they have a choice.
“But for some services customers do not have a choice and you can only go to one provider.”