“To understand how businesses are adapting to industrial digitalisation and managing cyber risks, Ai Group has today released new research into the cyber readiness of Australian industry,” Innes Willox, Chief Executive of the national employer association Ai Group said today.
“The timely findings come in the wake of the latest cyber-attack against DP World. They reveal that industry leaders are conscious, concerned, and moderately confident regarding their cyber preparedness. But there remain some significant gaps in our national cyber defences we still need to fill.
“The main points in the survey, based on feedback from over 200 large and small Australian businesses from across the economy, included the following.
“First, cyber security is now a major operational challenge for industry. We estimate there are around a quarter of a million cyber incidents affecting Australian businesses annually – meaning one-in-five deal with an incident each year. The rate rises to one-in-three for businesses in industrial sectors like manufacturing, transport and utilities.
“Second, cyber security is now mainstreamed as an investment decision. We found that it is the fifth highest investment priority for businesses today – not far behind conventional capex, and roughly equal to R&D.
“Interestingly, cyber-related IT investments ranked higher than general IT investments – showing how dominant cyber concerns have become for Chief Technology Officers.
“Businesses also treat cyber just like any other investment. Forty-eight percent of Australian companies say the main factor shaping their cyber investments is a return on investment, and 34% say it is cost of technology.
“Third, few businesses ‘go-it-alone’ on cyber security. Our research reveals that 82% of Australian businesses bring in help from external vendors, often to augment their in-house IT teams.
“Fourth, size matters when it comes to cyber security. Large businesses have a greater risk profile due to their rich data and deep supply chain linkages, and are twice as likely to suffer a cyber-attack. But large businesses also have greater capacity to protect against these threats with defensive systems.
“Our findings show it is medium businesses – those with between 20 and 200 employees – that face the greatest cyber risk. They have a similar risk profile to large businesses, but not the same resources to dedicate to cyber defence.
“We therefore need to think carefully about designing appropriately scaled cyber solutions. ‘One size fits all’ cyber approaches will end up fitting no one.
“Fifth, good cyber security requires technology and people. Fifty-three per cent of Australian industrials tell us they make investment in cyber security training – for all employees, not just the IT team – a component of their cyber investments.
“The digitalisation of industry is of course not simply a source of cyber risk. It also provides rich opportunities to increase our innovation, productivity and international competitiveness. But to do it securely, we need to embed good cyber security practices into every step of business operations,” Mr Willox said.
Link to report: