Most Australian organizations faced some form of cyberattack during the 2015-2016 fiscal year, with 86 percent saying their confidentiality, integrity and network availability were mainly targeted, according to ACSC’s inaugural Cyber Security Survey.
Some 58 percent of respondents said their data or systems were compromised at least once, with 42 percent of those because of malware and 42 percent because of phishing. While organizations believe current safeguards should provide sufficient protection against malware, the study’s findings suggest otherwise.
Businesses that suffered a successful data breach experienced some form of tangible impact, and 51 percent of potential breach alerts were reported by third parties before the organization had any knowledge of the breach. However, only 48 percent of organizations notified third parties following a data breach. Among private sector organizations, only 4 in 10 did the same.
While 71 percent of respondents said they had an incident response plan in place, only half of those review the plan regularly, and 31 percent of respondents bring cybersecurity topics to senior managers only after a breach. According to 27 percent of respondents, board members rarely or never discuss cybersecurity issues.
“These figures suggest that senior level decision makers are less likely to have an appreciation of the business risks associated with the cyber threat, and as a result may not view the potential impacts or level of risk as sufficient to warrant further investment in cyber security,” reads the report. “Ultimately, better understanding by senior decision makers of cyber security helps organisations respond to incidents more effectively.”
The ACSC survey also concludes that government organizations are more likely to request data breach assistance from government sources (80 percent), compared to 56 percent of private sector organizations.