Security-focused partners in Australia and New Zealand are in for a surge in business if a trend that saw organisations in the region boost their security spend last year continues.
A new report by Australia's Cyber Emergency Response Team (AusCERT) showed that 58 per cent of organisations in Australia and New Zealand surveyed increased their security spend in 2017 -- with respondents' figures representing a 35 per cent year-on-year increase in security investment.
The findings come from the second Cyber Security Survey, conducted by AusCERT in partnership with accounting and advisory players BDO Australia and BDO New Zealand.
According to the research, a total of 87 per cent of respondents showed more confidence this year in their ability to respond to cyber security incidents, which can be attributed to improved business strategy and clearer management responsibility related to cyber security.
More than 500 respondents across a variety of industry sectors participated in the research, with 85 per cent of respondents from Australia and 15 per cent from New Zealand.
Organisations that have performed regular risk assessments experienced 25 per cent fewer ransomware attacks, according to the research. Organisations also experienced 25 per cent fewer data breaches of third party providers or suppliers and three per cent less phishing and targeted malicious emails.
IT and security managers accounted for 20 per cent of the respondents, three per cent were security analysts engineers and one per cent were internal auditors.
The survey also revealed that organisations that reported improvements in security controls also experienced fewer cyber security incidents, with 52 per cent fewer malware and trojan infections reported, 37 per cent less ransomware and 29 per cent less data loss or theft of confidential information.
The majority of cyber crimes came from cyber criminals and organised crime in 2017, according to 45 per cent of the people surveyed. Insiders and current employees came second, just as in the previous year's report, with more than 10 per cent.
Phishing and email attacks are still the most prevalent form of cyber security incidents affecting respondents, followed by ransomware and malware coming in a close second and third.
Professional, scientific and technical services and education and training were the industries that experienced the highest number of phishing scams.
According to the report, Business Email Compromise (BEC) scams have grown more prevalent and sophisticated over the past year.
"In these scams, the cyber criminals use social engineering tactics to trick employees authorised to request or conduct wire / bank transfers. Fraudsters usually spoof or hack the emails of senior executives at the organisation and use email to instruct lower level employees to conduct a bank transfer to a fraudulent account (a.k.a. CEO fraud)," the report said.
Ransomware attacks were found to be increasingly sophisticated and more widespread.
Education and training was the industry that suffered the highest number of ransomware and malware attacks with 55 per cent, followed by information, media and telecommunications with almost 30 per cent.
The survey showed that 27 per cent of organisations incurred data recovery costs from cyber incidents, which was an improvement from the 31 per cent reported in 2016. Also, eight per cent of organisations who experienced a cyber attack lost access to their systems for several days, which was consistent across both years.
An increase in the compromise of customer records was identified, where six per cent of organisations reported a compromise in customer records and three per cent in employee records, both up 50 per cent from last year’s results.
The Cyber Security Survey found that the top three cyber security incidents experienced by Australian and New Zealand organisations were ransomware with 17.8 per cent, phishing with 19.3 per cent, and malware with 17.9 per cent.
Of the incidents experienced in 2017, BDO expects unauthorised access to information by external users to increase considerably and reach 13 per cent; this year's survey reported less than five per cent. Similar results apply for data loss and theft of confidential information.
Phishing and targeted malicious emails are expected to slow down, going from almost 20 per cent in 2017 to just past 10 per cent. Malware and trojan infections and ransomware are also expected to decrease in 2018.