BAE Systems has launched research into the cyber security preparedness of Australian businesses, and an online Cyber Risk tool to better understand their cyber security readiness.
The Cyber Risk tool measures a business’ cyber security preparedness across 10 key elements of ICT security, including incident response and information management. It was developed in response to global research indicating potential weaknesses in Australian businesses’ cyber security measures.
“When the Prime Minister launched Australia’s Cyber Security Strategy in April, he identified the need for businesses of all sizes to understand their cyber hygiene through voluntary ‘health checks’,” BAE Systems Head of Cyber Solutions Asia-Pacific and Japan, Alex Taverner, said.
“Among other worrying outcomes, the BAE Systems survey found that in Australia, a quarter of businesses don’t know if they have the security controls in place to defend against cyber attack.
“This online tool will enable businesses to answer that very question, and take steps to improve their cyber preparedness in the likely case that they are found wanting.”
The research, which is part of a global survey including the US, UK, Malaysia and Singapore, reveals the importance of businesses regularly checking their readiness for cyber-attack and assessing whether they have the right people, technology and processes in place.
The BAE Systems research found:
- A quarter of Australian businesses don’t know if they have the security controls in place to defend against cyber attack. Of all the countries surveyed, this is the highest by a significant 10 per cent (75 per cent in Australia versus 85 per cent globally said they were confident they had the right controls in place).
- Australian businesses reported a cyber attack had occurred on average in the last six months, compared with the global average of an attack in the last nine months. Almost three quarters (73 per cent) of Australian businesses had suffered an attack in the last year and over a third in the last month (34 percent).
- The average cost of a cyber attack for an Australian business is over $622,515.
- Nearly one in three companies (32 per cent) said they weren’t very confident their business could return to business as usual within 48 hours, or that they’d never thought about it.
- 15 per cent of companies have not tested their incident response plan in up to two years. Nearly ten per cent (9 per cent) of survey respondents said they don’t have an incident response plan or don’t know if they have one.
“Our research found Australian businesses were more likely to report a cyber attack than the global average, whether that be a week ago, a month ago or six months ago,” Taverner said.
“As recent high profile cyber attacks have demonstrated, businesses of all sizes and in all industries must ensure they’re prepared.
“Regular testing, training of staff, and updating technology and processes is crucial to avoid or minimise monetary and reputational damage. We encourage all businesses to take this simple test to assess the strengths and weaknesses in their cyber security and understand their vulnerabilities,” Taverner said.
See if your business is prepared for cyber attacks by accessing the Cyber Risk tool here.