Deloitte has opened a national Cyber Intelligence Centre in Australia to protect companies from the growing online security threat.
Deloitte cyber risk services partner, Tommy Viljoen, said the average cost of a data breach per Australian organisation was more than $2.5 million per year.
“The average breach involved more than 20,000 records in Australia over the five years to 2014," he said.
"And there was also a 25 per cent increase in data loss between 2013 and 2014 globally.”
Viljoen said the lack of legislation for breach notification in Australia meant that most organisations were focused on prevention as opposed to detection
"There is significant under-reporting of cyber breaches in Australia,” he said.
The national Cyber Intelligence Centre will link in with Deloitte’s existing Cyber Intelligence Centres in the UK, Europe, Canada and the United States.
Deloitte now has 17,500 cyber risk service staff globally, with 4,000 in the Asia Pacific.
James Nunn-Price, who will lead and establish the Australasian arm of Deloitte’s chain of Cyber Intelligence Centres, said cyber risks were a result of dynamic targeted threats.
"On an industrial scale they are focused at the digital assets, operations and information of the organisation," he said.
"Both complex and severe, these risks are evolving faster than business can react.”
Nunn-Price established the Cyber Intelligence Centre concept, overseeing its implementation in the UK in 2013 and its 24 hours a day, seven days a week services to clients.
He was responsible for Deloitte’s overall information security, resilience and cyber advisory services to the UK Government.
He also personally assisted the London 2012 Olympic Games leadership team with cyber incident response, crisis management and forensics.
Deloitte cybersecurity global leader, Kelly Bissell, said the company's role was to help businesses better protect their critical assets against known and emerging threats across the ecosystem.
"We help them monitor and watch out for any pre-emptive threats, so they both detect and protect themselves against both known and unknown adversarial activity.
“It’s all about being secure and vigilant… and being sufficiently resilient to recover when incidents do occur," he said.
Viljoen said Australian businesses needed what we term, ‘actionable intelligence’.
"They need to transform how they think about cybersecurity - building ever more secure environments and ever higher firewalls no longer works," he said.
"The cyber-criminals are already on the inside. Knowing what’s happening, and working on the basis of having already been attacked, and preparing for even more complex and often apparently ‘insider’ attacks to happen again, is what’s now needed. It is transformational.”
According to the 2014 Verizon Data Breach Investigations Report with the US Secret Service, FBI, Deloitte, DHS and others, 92 per cent of breaches are perpetrated by outsiders.
These known external perpetrators come from organised crime (55 per cent), state affiliated hackers (21 per cent), activists (2 per cent) and former employees (1 per cent). Only 14 per cent of breaches are by insiders, but this is rising.
Nunn-Price said more than three quarters of breach incidents were caused by weak or stolen credentials with rogue hardware and malware, which are also frequent causes of breaches or service denial.
"It is therefore important for all employees, contractors and suppliers to be aware of how criminals are targeting them with their well-planned attacks, often triggered by ‘apparent insiders’ who are already lying in wait within the organisation like cockroaches," he said.
Deloitte Reputation@Risk research that shows there is an 80 per cent chance of a company losing at least 20 per cent of its value (over and above the market) in any single month due to reputation loss from the impact of a crisis – whether that be a cyber-breach or another disaster.
Viljoen said these stats meant that cyber-security breaches were becoming top of mind for business leaders along with reputational risks.
The Deloitte/Forbes strategic risk research shows that regionally, the biggest impact of technology enablers and disrupters on established business models was in the Asia Pacific (including Australia), where 98 per cent of respondents reported having changed their business strategies.
Viljoen said business leaders needed to make sure they were sufficiently informed about the state of cybersecurity within their organisations.
"With new business models and corporate restructuring, new customer service and sales models, new sourcing and supply chain models, and inherently new applications and mobility tools, business leaders needed to be able prepare for, respond to and recover from growing threats," he said.