Blog

Can your organisation afford the true cost of a cyber attack?

“I’m here today to advise you that based on the advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.” Scott Morrison, Prime Minister of Australia

Nexon Asia Pacific /
Security

In light of recent episodes, The PM sent out a wake-up call to all Australian businesses, and just recently the government has issued Australia’s Cyber Security Strategy 2020(2) with a vision to ensure a “more secure online world for Australians, their businesses and the essential services upon which we all depend”.

Modern businesses rely on technology more than ever before, with I.T. infrastructure and data resources helping people to connect and work from any location. Increased connectivity also creates challenges, however, including reduced privacy, potential data loss, and greater exposure to activity from cyber-criminals and other state-based actors.

Cyber-attacks are increasing in Australia, and the consequences to businesses are wide ranging regardless of location or industry sector. The Proofpoint 2020 State of the Phish report found that 54% of Australian organisations experienced a successful fishing attack in 2019.

WHAT IS CYBER-CRIME?
Cyber-crime refers to a broad range of criminal acts connected with information and communications technologies (ICTs). Cyber-crime includes attacks directed at computers and crimes where computers are used as an integral part of the offence. Examples of cyber-crime include breaking into databases, denial of service attacks, phishing, malicious code, and malicious insider fraud.

THE COST OF CYBER-ATTACKS
Criminal activity connected with technology is associated with a range of costs, from financial costs linked to productivity and equipment losses through to reputation damage and regulatory fines. Many criminal activities are associated with multiple costs, some of which can be crippling or involve years of recovery time. Let’s take a look at the real cost of cyberattacks in Australia.

1. PRODUCTIVITY COSTS
Most cybercrimes will cause some kind of disruption to regular business activity, with many attacks specifically designed to disrupt services. For example, distributed denial of service (DDoS) attacks are associated with the biggest percentage of monetary losses, with web-based data theft and malicious hacking attacks also likely to affect productivity.

According to the 2019 Cost of Cybercrime study from Accenture, business disruption and data loss represent the biggest expense. Cybercrime cost Australian companies on average US$6.79 million in 2018, with three-quarters of this loss attributed to reduced productivity. In order to avoid these costs, it’s important to take preemptive measures to avoid and manage intrusions.

2. RECOVERY AND TECHNOLOGY COSTS
Cyberattacks take many forms, from phishing and malware attacks to web-based intrusions and denial of service. Along with productivity costs due to disruption and data loss, Australian businesses face significant recovery and equipment costs in order to restore systems and get operations back on track.

Reverse engineering security solutions and identifying attack vectors take significant time and resources, as does updating software and retraining staff. Along with productivity losses, businesses may need to spend a considerable sum of money paying for IT specialists, educating staff, and updating compromised software and hardware resources.

3. REPUTATION COSTS
When it comes to cybercrime, not all costs are tangible. Along with money itself, the reputation of an organisation can be severely affected by intrusion or data theft. While recovery costs are a direct expense and productivity costs are an indirect expense, reputation damage is best understood as an opportunity cost.

Data is the new global currency, with stolen or compromised data representing a huge potential loss for any organisation. Damage to business reputation can be measured from lost opportunities as a consequence of the security incident. While every business needs to safeguard their reputation carefully, research shows that technology and finance organisations are the ones which get highly impacted by cybercrime.

4. COMPLIANCE COSTS
Compliance costs also include a range of direct and indirect expenses as a result of cybercrime. Whether it’s the time spent filling in a report at the Australian Cyber Security Centre (ACSC), the cost of adapting a security stance, or a specific fine for non-compliance in one’s industry sector, compliance costs can be significant. When calculating the expense associated with an organisation’s cybersecurity strategy it is important that these costs are recognized.

Operating safely in the modern and connected world, and adhering to regulation will always involve some expense, but many of these costs can be greatly minimized through foresight and management. If you’re looking for a complete cybersecurity solution to ensure your safety and productivity, Nexon offers a range of tailored security packages.
If you would like to learn more, please contact Nexon for a free no-obligation consultation.

You can call us on 1300 800 000 or email us at enquiries@nexon.com.au to start the conversation.

In partnership with Proofpoint

  1. https://www.pm.gov.au/media/press-conference-australian-parliament-house-act-20
  2. https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy
  3. https://www.proofpoint.com/sites/default/files/gtd-pfpt-au-tr-state-of-the-phish-2020-a4_final.pdf
  4. https://www.accenture.com/_acnmedia/pdf-96/accenture-2019-cost-of-cybercrime-study-final.pdf
  5. https://www.cyber.gov.au/acsc/report/are-you-a-victim-of-cybercrime