The potential direct economic loss of cybersecurity incidents on Australian businesses is AU$29 billion per year, according to a Microsoft commissioned report by Frost Sullivan. Direct costs were defined as tangible losses in revenue, decreased profitability and fines, lawsuits and remediation. The figure – equivalent to almost two per cent of Australia’s gross domestic product – was estimatedbased on survey data, market research, historical data, and accumulated observations of the industry over the last few years. The finding comes from a reportUnderstanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, the key figures of which were released today. Despite the huge direct cost, the actual ‘economic loss’ is even higher, Microsoft said. A large-sized organisation with more than 500 employees in Australia can incur an economic loss of AU$35.9 million if a breach occurs, it claimed. The ‘economic loss’ was calculated in the report from direct costs, indirect costs (which includes customer churn and reputational damage) as well as induced costs (the impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending). “Although the direct losses from cybersecurity breaches are most visible, they are just the tip of the iceberg,” said Edison Yu, Asia Pacific head of enterprise for Frost Sullivan. “There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated,” he added. The report includes a survey of 100 Australian senior IT executives and business decision makers working in a range of sectors. It found more than half (55 per cent) of the 100 organisations surveyed locally have experienced a cybersecurity incident in the last five months while one in five companies were not sure if they have had one or not as they had not performed forensics or a data breach assessment. The lack of awareness was “surprising” said Microsoft director of corporate, legal and external affairs Tom Daemen, “given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data”. The report also found that the perceived risk of cyber incidents was slowing companies’ digital transformation efforts, with two thirds saying they had put off initiatives due to “the fear of cyber-risks”. Related content feature CIOs grapple with the ethics of implementing AI With ethical considerations around AI use increasingly top of mind, IT leaders are developing governance frameworks, establishing review boards, and coming to terms with the difficult discussions and decisions ahead. By Esther Shein Dec 11, 2023 13 mins Generative AI Generative AI Generative AI feature Reed Smith turns to AI for lawyer staffing solution The legal firm’s Smart Resourcing tool helps balance workloads and ensure partners find associates with the right skills and experience, while empowering employees to make connections across the firm’s global footprint. By Sarah K. White Dec 11, 2023 8 mins CIO 100 Legal Digital Transformation news Emirates NBD drives sustainability goals with Microsoft partnership By Andrea Benito Dec 10, 2023 2 mins CIO news COP28: How Du and Ericsson's partnership is supporting UAE Net Zero Strategy By Andrea Benito Dec 10, 2023 3 mins CIO Green IT Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe