Australian CIOs are more concerned about employees threatening corporate security than outsiders, according to a new survey released by IBM today.
The survey found 75 percent of local CIOs are more concerned about internal threats compared to a global average of 66 percent across 17 countries.
More than 3000 CIOs were questioned for the survey in January, including 150 from Australian companies. Most were drawn from the retail, financial services and manufacturing sectors.
An estimated 49 percent of local businesses now perceive cybercrime as a greater threat than physical crime to their business.
At the same time, the perception is that perpetrators of cybercrime are becoming increasingly sophisticated; 80 percent of Australian CIOs (84 percent globally) believe that lone hackers are increasingly being replaced by organized and technically proficient criminal groups.
IBM security and privacy practice managing consultant Claudia Warwar said the changing nature of cybercrime means that companies need to be prepared to combat a whole new generation of security threats that extend well beyond computer networks.
"When we talk about security today, it means considering an entire organization and much of its ecosystem of partnerships and relationships - from the network to the workforce, and from the workplace to the supply chain. Meeting this challenge requires an industry-wide approach - no one company can do it alone," she said.
Despite highlighting the potential threat from employees, Australian CIOs seem to be concentrating on protecting their organizations from external threats. While 32 percent of respondents are intent on upgrading firewalls, for example, only 15 percent plan to invest in awareness and education training for employees.
Another 10 percent will restrict the use of mobile devices such as wireless handheld computers not specifically sanctioned by the IT staff.
"We strongly endorse educating employees who are in the first line of defence to be cybercrime aware. As software becomes more secure, computer users will continue to be the weak link for an organization. Criminals will focus more efforts on convincing end users to execute the attack instead of wasting time in lengthy software vulnerability discovery," Warwar said.
IBM commissioned the research to better understand attitudes towards cybercrime, the costs incurred and how companies are responding to it.
When it comes to relative costs, Australian CIOs think that cybercrime has a more detrimental financial impact on their business than physical crime.
They are most concerned about the loss of current customers as a result of cybercrime (71 percent), followed by loss of revenue (68 percent) and loss of prospective customers (67 percent). Just 38 percent of their global peers identified loss of prospective customers as a major concern, possibly reflecting the smaller size of the Australian market and relative importance of each customer.
Significant numbers of Australian CIOs also pointed out the 'administrative' losses from cybercrime, such as the costs of investigating the breach (41 percent), notifying customers and suppliers (31 percent), and legal fees (18 percent).