Australian Organisations Rank Cyberattacks as the Number One Risk to their Business

Australian Organisations Rank Cyberattacks as the Number One Risk to their Business

Mobile Computing, Social Media & the Consumerisation of IT Drive Australian Security

SYDNEY, AUSTRALIA – June 2nd, 2011 – Australian businesses rate cyberattacks as a more significant source of risk to their operations than terrorism or natural disasters, according to new research conducted by Symantec Corp. (NASDAQ: SYMC).

The 2011 State of Security Study, released today as part of National Cyber Security Awareness Week, asked 250 Australian organisations to identify the most significant threats facing their organisations. Cyberattacks emerged as the most significant risk, ranking above accidental IT incidents and IT attacks conducted by insiders which respondents said are the second and third most-significant risks. Traditional crime, brand-related events such as incidents that cause negative publicity, natural disasters and terrorist acts were rated the fourth through seventh most significant risks.

Concern about cyberattacks is well-founded with two-thirds (67 percent) of the surveyed businesses having experienced a cyberattack in the past 12 months. Larger organisations were more likely to see cyberattacks at 73 percent, compared to 63 percent of SMBs. In addition, about one fifth (21 percent) experienced an increase in the frequency of cyberattacks.

“High profile IT exploits witnessed throughout 2011 demonstrate that criminals are going after valuable targets around the world, a trend that is reflected in the study’s finding that larger businesses report a greater prevalence of attacks,” said Steve Martin, director, SMB, Pacific region, Symantec.

Mobile Computing, Social Media & the Consumerisation of IT Drive Australian Security

The survey also found that cybersecurity is more important to Australian businesses now than it was one year ago. In fact, more than one third (37 percent) see cybersecurity as being somewhat or significantly more important than 12 months ago. Companies with more than 500 employees are more concerned about security improvements than smaller companies, with 44 percent of larger companies believing security is more important compared to 32 percent of smaller entities.

The importance of cybersecurity is largely being driven by three key industry trends. Mobile technology was identified as the technology most respondents saw as increasing the difficulty of securing their operations, with 51 percent seeing it as a significant trend. Forty-five percent saw social media as introducing new difficulties, while 43 percent worry that employees introducing personal devices to the workplace will increase risk, a trend known as the consumerisation of IT.

“The challenge for many businesses is finding the right balance of leveraging productivity-enhancing innovations like mobile computing, social media, the consumerisation of IT, cloud computing and virtualisation whilst not comprising on their levels of cybersecurity. The best approach for any business facing these security challenges is to apply the same levels of security and management to all endpoints – whether mobile, on premise or in the cloud – without exception.”

Cyberattacks Cause Downtime, Financial Cost & Data Loss

Every organisation (100 percent) experienced some form of loss as a result of a cyberattack, the study showed. While a typical business lost AUD$7,925 (median) as a result of a cyberattack, 20 percent of businesses experienced a loss of AUD$100,000 or more. Half of the survey respondents (50 percent) experienced downtime as a result of cyberattacks; 18 percent lost intellectual property; 13 percent lost other corporate data and 11 percent reported theft of financial data or credit card numbers.

Nearly one in four (24 percent) could not identify what sort of information was taken or impacted as a result of a cyberattack. Organisations surveyed could however pinpoint the nature of attacks and reported that social engineering attacks and malicious code attacks were growing somewhat or extremely quickly.

“The prevalence of data loss caused by cyberattacks reported in this study highlights the need for more stringent cybercrime laws and legislative reforms that require companies to notify their customers of a data breach to be fast-tracked in Australia.  We recommend that organisations take a proactive and holistic approach to their IT security that minimises the likelihood of data breaches caused by cyberattacks,” added Martin.

Additional Findings

• Twenty-two percent of respondents said they have experienced a somewhat or extremely high level of attacks from both malicious code and social media. Some 17 percent experienced the same levels of external malicious attacks
• Nearly half of respondents are pursuing strategic security initiatives or pursuing new security technologies in response to cyberattacks
• Data loss prevention tools are high on the shopping list for Australian businesses
• Only one third are increasing spend on end-user training and awareness while spending on security for virtualised and public cloud systems is accelerating

Recommendations

• Organisations need to protect their infrastructure by securing their endpoints, messaging and Web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organisations also need the visibility and security intelligence to respond to threats rapidly
• IT administrators need to protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in knowing where sensitive information resides, who has access, and how it is coming in or leaving your organisation
• Organisations need to develop and enforce IT policies and automate their compliance processes. By prioritising risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen
• Organisations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.

About the 2011 State of Security StudySymantec debuted the State of Security Study in 2010 and this year has expanded the report to include small and mid-sized businesses as well. Applied Research fielded this survey on behalf of Symantec by telephone in April 2011. Of the Australian organisations surveyed, 150 organisations had between 5-499 employees and the remaining 100 had 500 employees or more. The survey has a reliability of 95 percent confidence with +/- 6.2 percent margin of error.