Cyber risk remains a relevant and ever-present consequence of society’s pervasive adoption of technology. For this very reason, the need for organisations to be able to detect, respond to and recover from a cyber incident is more important than ever.
Our 2018/2019 survey results prove one of the biggest hurdles is being overcome, with a genuine uplift in leadership awareness of cyber security and improved reporting to decision makers.
What is needed, though, is a greater focus on reducing the impact of a cyber incident. Being able to detect it is great, but it is only truly beneficial if a response is swift and targeted.
Here’s a summary of our key insights. To learn more, check out the full report.
Leadership is increasingly aware of cyber risk
Survey respondents demonstrated a clear increase in cyber security awareness in 2018. This shift in attitude has come directly from the top, indicating that there is a true increase in leadership awareness of cyber security and improved reporting to these senior levels.
Where the Board and Executive Leadership Team have greater oversight and understanding of their organisation’s cyber security risks, greater support and implementation of proactive cyber security controls is reported.
Are your organisation’s leaders engaged and on board with your cyber security approach?
Increasing data breaches or just mandatory reporting?
Data loss/theft of confidential information incidents rose by 78.68% in 2018 compared to 2017. This significant increase could be related to the implementation of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) in Australia in early 2018. The Act’s requirements for mandatory reporting have seen investment in preparedness measures across many respondent organisations.
Despite this, the survey highlighted that organisations are not focusing enough on response or incident management procedures. These components, along with cyber insurance, should form part of a comprehensive cyber security resilience program, as they allow organisations to more effectively minimise the impact of breaches, while ensuring a rapid investigation into the cause and effect.
Hacktivist attacks expected to be nearly twice as common in 2019
When asked about the types of attackers that would be most prevalent in 2019, respondents indicated that activists/hacktivists would be nearly twice as likely to be sources of cyber security incidents as in the previous year.
Organisations could be underestimating the prevalence of cyber security criminals and insiders, and overestimating the frequency of attacks launched by other actors. This could be symptomatic of a limited understanding of the relevant cyber security threat risk landscape.
The continued rise of phishing
Trend data from our survey results since 2016 outlines a consistent rise in phishing incidents. In fact, it remains the most common incident experienced. Adversaries continue to target the human psyche, our inquisitiveness and general position of trust. Humans are continuing to prove to be a weak link in the layers of defence.
We have seen many businesses slowly implementing phishing awareness training across their workforce, but educating all employees about the dangers of phishing is a slow process. While education continues to improve, we expect phishing to remain the most popular attack vector.
For the full list of insights from the 2018/2019 BDO and AusCERT Cyber Security Survey, download the report.