The BDO and AusCERT 2019 Cyber Security Survey: Understanding the cyber threat landscape
Each year, BDO in Australia and BDO in New Zealand, in partnership with AusCERT, survey organisations’ response to the growing cyber threat landscape. The annual survey highlights the current cyber security trends, changes, challenges and risks faced by Australian and New Zealand organisations.
The 2019 results present an interesting contrast in terms of both recurring themes and shifting security investments.
Cyber risk remains a global concern
There is no escaping technology in today’s modern economy. Whether it is for personal, organisational or social means, the reliance on technology is constantly increasing. Organisations are recognising that technology and cyber security risk is a critical concern.
In 2020, with climate change and infectious diseases at the forefront of public discussion, it is unsurprising that business interruptions associated with these are amongst the highest-rated risks in terms of likelihood. This is closely followed by data fraud or theft and cyber attacks. The fact that cyber security risk rates so high, despite pressing global concerns, highlights the likely view of many organisations that cyber attacks and data loss are inevitable in the current landscape.
Misinterpretation of the cyber threat risk landscape
Since 2016, a key trend emerging from the survey data is the consistent misinterpretation or attribution of the cyber threat risk landscape. Such misinterpretation is likely the result of two key factors.
Firstly, governance and risk reporting is not effective in communicating the cyber security risk, which means executive leaders do not have visibility of the organisation’s information and cyber security risk, so they cannot make appropriate decisions to combat it.
Secondly, organisations find it challenging to assess their threat profile, so they find it difficult to identify threat actors who would seek to compromise their information assets or determine how these adversaries are likely to do so.
It is therefore important to take a threat-based approach to cyber security to ensure an organisation remains forward-looking when considering its cyber security investments.
Shifting security investments
During 2019 there was a shift away from technology security controls and an increase in the adoption of security governance and supporting processes. Organisations have come to understand that cyber attacks are a certainty; they've moved away from 'silver-bullet' vendor technologies and towards wider governance controls to help them best understand their most likely threats and risks, and to focus investments accordingly.
The top five security control measures that grew in adoption over the past three years were establishing Chief Information Security Officer (CISO) roles, implementing Security Operation Centres (SOC), rolling out security awareness programs, performing regular third-party/vendor risk assessments and implementing cyber incident response plans.
Organisations who have invested in these top five security controls have better aligned their cyber security capabilities with organisational objectives, and are less likely to experience a cyber security incident.
Winning the battle
Although the cyber risk landscape is difficult to navigate, our responsibility as cyber security practitioners, risk decision-makers, and business leaders, is to ensure a threat actor’s cost is greater than their reward. We can only do this by staying knowledgeable and abreast of the tactics, tools, and procedures of our adversaries.
The 2019 Cyber Security Survey Report marks the first step in preparing your organisation against a cyber security incident. The report is a valuable tool that allows you to benchmark your organisation against industry peers by providing trend data to assess your organisation's strengths and weaknesses.
Download the full report to discover the latest insights to help you develop a better understanding of the threat landscape and how to defend your organisation beyond 2020.