Australia has been rocked by a series of data breaches impacting businesses across the country. While many people may have been following the high-profile cases that have hit the news recently, the cost of cybercrime in Australia is increasing for organizations of all sizes.
A recent report from the Australian Cyber Security Centre (ACSC), The Annual Cyber Threat Report, July 2021 to June 2022, shows just how seriously the rise in cybercrime is affecting businesses in recent times. Businesses are reporting an attack every seven minutes, compared to an average of every eight minutes during the previous financial year.
More attacks than ever
The number of attacks on Australian organizations has risen 13% in the last year to more than 76,000. This shows that the threat isn’t limited to high-profile cases, and businesses of all sizes are falling victim to cybercriminals.
There’s been a rapid evolution in the techniques cybercriminals use to damage businesses.. Criminals are using malware in their attacks but also employing sophisticated methods of target identification and exploitation, service delivery, cash-outs, and more. Unfortunately, as these tactics become readily available to purchase on the Crime-as-a-Service marketplace, they become more accessible to less technologically savvy criminals and lower the barrier of entry to cybercrime.
Average costs of attacks are rising
The report shows that the average cost of a single cybercrime report is more than $39,000 (AUD) for small businesses, $88,000 for medium businesses, and $62,000 for large businesses. Compared to the previous financial year, that’s an increase of 14%. This shows that individual attacks are damaging Australian businesses more than ever.
The cost of an attack isn’t just financial, however. An attack can also:
- Damage business reputation
- Disrupt essential services
- Drive away once-loyal customers
The most prevalent types of attacks
The most frequently reported cybercrimes include:
- Online fraud - 27%
- Online shopping - 14%
- Online banking - 13%
Despite these being the most frequently reported types of cybercrimes, that doesn’t mean other types can’t be as damaging. While business email compromise BEC only makes up 6.12% of all reported crimes, it’s still one of the most costly to a business. The same goes for ransomware, which the ACSC states is the most destructive threat to Australian businesses, despite only making up 0.59% of attacks.
Business email compromise attacks cost the most
Business email compromise (BEC) attacks are a type of phishing scam where attackers pose as a trusted source to trick recipients into handing over sensitive data or paying a fraudulent invoice. These attacks are becoming more serious in Australia, with an increase in total financial losses from BEC rising to more than $98 million. That’s an average loss of $64,000 per the report, which is higher than the average financial loss for large businesses across all types of attacks.
Businesses are looking for support
With such a rise in the frequency of attacks, more organizations than ever have been reaching out for support. The Cyber Security Hotline recorded a total of 25,000 calls during the 21-22 financial year – an average of 69 per day. This is an increase of 15% from the previous year.
The ACSC is dedicated to making Australia a secure place to connect online. As well as running the Cyber Security Hotline, it publishes technical advice and updates on significant cybersecurity threats, collaborates with other countries to counter those threats, and runs exercises designed to enhance the cybersecurity resilience of Australian organizations.
How Australian businesses can protect themselves
With the cost of attacks skyrocketing, it’s clear that businesses will want to protect themselves and look for ways to reduce their vulnerabilities. The average cost of an attack will likely continue to rise as criminals continue to target Australian organizations.
In order to protect your organization, it’s vital to secure one of the biggest vulnerabilities – email. Investing in the right intelligent anti-phishing technology will not only help stop threats before they hit someone’s inbox, but it can also help educate employees about why threats were flagged. This empowers users while reducing the chance of a data breach, which could cause significant financial losses for the business – not to mention the fines for non-compliance with data privacy laws.