Fear and doubt of cyber risks has led 66 per cent of Australian businesses to put off digital transformation plans, with security incidents potentially costing organisations $29 billion per year.
In research conducted by Frost & Sullivan and commissioned by Microsoft, local security incidents include losses in revenue, decreased profitability, fines, lawsuits and remediation.
"The fact that two-thirds of Australian organisations are putting off digital transformation efforts is concerning, when you consider that digital transformation is expected to contribute $45 billion to Australia’s economy by 2021," Microsoft director of corporate legal and external affairs Tom Daemen said.
"To combat this, we need to be instilling a data culture throughout organisations. Data management needs to be prioritised in the boardroom as a strategic focus.
"Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is – and push forward with digital transformation initiatives."
The study, Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, revealed that a large-sized organisation (over 500 employees) in Australia can incur an economic loss of $35.9 million if a breach occurs.
The economic loss is calculated from direct costs, indirect costs (including customer churn and reputation damage) as well as induced costs (the impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending).
A total of 1,300 executives were interviewed for this study in Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand.
According to findings, more than half of the organisations surveyed in Australia, or 55 per cent, have experienced a cyber security incident in the last five months while one in five companies are not sure if they have had one or not as they have not performed proper forensics or a data breach assessment.
"The number of organisations that have experienced a cyber security incident, although large, is not particularly surprising given the increased rate of cyber security attacks we’re seeing annually,” Daemen said.
“However, the finding that one in five Australian businesses are not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.”
Artificial intelligence (AI) is being adopted by businesses in order to improve their cyber security.
In fact, the study found that 84 per cent of Australian organisations have either adopted or are looking to adopt an AI approach towards boosting cyber security.
Although ransomware and DDoS attacks have dominated headlines in recent times, the study found that online brand impersonation, remote code execution and data corruption are actually the bigger concern as they have the highest impact on business with the slowest recovery time.
According to data collected in 2017, email scams cost Australian businesses losses of $22.1 million last year, according to the combined scams reported to both the ACCC and ACORN.
ACCC's Scamwatch alone received 5,432 reports scams from Australian businesses in 2017 with 60 per cent being delivered via email and money being sent to scammers via bank transfers 85 per cent of the time - total losses from those scams amount to $4.6 million.