Skip to Main Content
Security banner image

Cyber Security

Direct costs associated with cybersecurity incidents costs Australian businesses $29 billion per annum

Sydney, Australia, 26 June 2018 – A Frost & Sullivan study commissioned by Microsoft, has revealed that the potential direct economic loss of cybersecurity incidents on Australian businesses can hit a staggering AU$29 billion per year, the equivalent of almost 2% (1.9%) of Australia’s GDP. Direct costs refer to tangible losses in revenue, decreased profitability and fines, lawsuits and remediation.

The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region and identify the gaps in organisations’ cybersecurity strategies.

The study reveals that more than half of the organisations surveyed in Australia have experienced a cybersecurity incident (55%) in the last five months while 1 in 5 companies (20%) are not sure if they have had one or not as they have not performed proper forensics or a data breach assessment.

“The number of organisations that have experienced a cybersecurity incident, although large, is not particularly surprising given the increased rate of cybersecurity attacks we’re seeing annually,” said Tom Daemen, Director of Corporate, Legal and External Affairs, Microsoft. “However, the finding that 1 in 5 Australian businesses are not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.”

The true cost of cybersecurity incidents on organisations

The study revealed that a large-sized organisation (over 500 employees) in Australia can incur an economic loss of AU$35.9 million if a breach occurs. The economic loss is calculated from direct costs, indirect costs (including customer churn and reputation damage) as well as induced costs (the impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending).

“Although the direct losses from cybersecurity breaches are most visible, they are just the tip of the iceberg,” said Edison Yu, Vice President and Asia Pacific Head of Enterprise for Frost & Sullivan. “There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.”

Fear and doubt surrounding cybersecurity incidents are undermining Australian organisations’ willingness to capture opportunities associated with today’s digital economy, with 66% of respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.

“The fact that two-thirds of Australian organisations are putting off digital transformation efforts is concerning, when you consider that digital transformation is expected to contribute A$45 billion to Australia’s economy by 2021. To combat this, we need to be instilling a data culture throughout organisations,” said Daemen. “Data management needs to be prioritised in the boardroom as a strategic focus. Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is – and push forward with digital transformation initiatives.”

Artifical Intelligence (AI) is the next frontier in cybersecurity defence

In today’s digital world, cyberthreats are constantly evolving and attack surface is rapidly expanding. AI is becoming a potent opponent against attacks as it can detect and act on threat vectors based on data insights. The study reveals that four in five (84%) organisations in Australia have either adopted or are looking to adopt an AI approach towards boosting cybersecurity.

An AI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organisations to fix or strengthen their security posture before problems emerge.

It will also grant companies with the capabilities to accomplish tasks, such as identifying cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organisations’ cybersecurity strategy.

Although ransomware and DDoS attacks have dominated headlines in recent times, the study found that online brand impersonation, remote code execution and data corruption are actually the bigger concern as they have the highest impact on business with the slowest recovery time.

“The ever-changing threat environment is challenging, but there are ways to be more effective using the right technology and instilling the right culture,” added Daemen.

About the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” Study

This study involved a survey conducted with 1,300 respondents from 13 markets – Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand.

All respondents are business and IT decision-makers involved in shaping their organisations’ cybersecurity strategies. 44% of them being business decision-makers, including CEOs, COOs and Directors, while 56% are IT decision-makers, including CIOs, CISO and IT Directors. 29% of participants are from mid-sized organisations (250 to 499 staff); and 71% are from large-sized organisations (more than 500 staff). 

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more.

For more information, please contact:

Microsoft Australia
Elizabeth Greene
elizabeth.greene@microsoft.com