The sophistication and diversity of contemporary cybercrime mean that organisations need to develop a multi-layered approach to cybersecurity. An average of 164 cybercrime reports are made by Australians every day — about one report every 10 minutes — according to the Australian Cyber Security Centre (ACSC). Between 1 July 2019 and 30 June 2020, the ACSC responded to 2,266 cybersecurity incidents and received 59,806 cybercrime reports. The most common categories of cybercrime reported were fraud, identity-related and cyber abuse.

Cybersecurity is often misguidedly seen as an IT issue, with directors relying on their IT department to manage the risk in this area. However, given the potential impact of cyber attacks, a robust cybersecurity policy requires the involvement of all levels of management and a commitment to educating every member of the team. Fortunately, companies are showing an increased awareness of this, and Allianz’s 2020 Risk Barometer survey ranked cyber incidents as the most important business risk globally.

The 2019 study, The Cyber Resilient Organization (conducted by Ponemon Institute and sponsored by IBM), found that almost 4 in 5 Australian respondents did not have a cybersecurity incident response plan they could apply consistently across their organisation. Of those that did have a cybersecurity incident response plan, more than half of the respondents did not test it.

With the increase in rates of cyber incidents, IT departments are becoming less confident that their planning and preparation can sufficiently ward off an attack from cybercriminals. Many IT departments forecast that cyber attacks are likely to become more frequent and complex in the future, while some are concerned that Australia’s cybersecurity practices lag behind those in other developed countries.

It is essential that organisations continuously reassess their cybersecurity processes and procedures to ensure that they are both mitigating the risk of being targeted by cybercriminal activity and improving their ability to respond to cyber incidents.

For more information, see recently updated ¶7000-400 in the Compliance and Business Law module.

Source: Content derived from commentary updated by John Moran (Partner), Richard Berkahn (Special Counsel), Reece Corbett-Wilkins (Special Counsel), Brigitte Gasson (Associate) and Emily Wood (Associate) of Clyde & Co in February 2021.