by Lilia Guan

Aussie businesses hit with ransomware and regulatory fines

Apr 16, 2019

Businesses are having a hard time ensuring compliance with regulatory obligations and securing against ransomware, a Telstra report shows.

Half of the 1,300 IT security decision makers and c-suite execs across various industries who responded to the Telstra Security Report 2019 said they received fines for being in breach of new legislation in the past two years. The same number also said they paid a ransom to cybercriminals for ransomware.

The report found awareness and understanding of the strategic importance of security has increased with 84 per cent of Australian companies saying they will increase security budgets, currently averaging over $900,000 per year, in the next one to two years to combat security threats.

It also found that Australian businesses are better prepared than ever for cyber-attacks with incident response plans in place at 77 per cent of local businesses. The respondents with a plan are reviewing and testing them on a monthly basis, compared to last year as businesses shift to an ‘expectation of breach’ mentality.

The introduction of new regulations, such as the Notifiable Data Breach Scheme in Australia and the European Union’s Global Data Protection Regulation, as well as several high-profile privacy breaches, has driven c-level and senior management interest in security. One-third of Australian respondents said the frequency of meetings with senior stakeholders has increased.

Top findings:

  • 89 per cent of Australian businesses estimate that breaches went undetected – up 12 per cent since 2018
  • This contrasts with 74 per cent of Australian businesses believing they have strong systems in place to verify when an incident has occurred
  • 65 per cent of Australian businesses interrupted by a breach – up 5 per cent since 2018
  • 55 per cent of Australian businesses said they received fines for being in breach of legislation enacted in the past two years
  • 48 per cent of Australian businesses experienced a security attack in the past 12 months
  • We are more prepared than ever for cyber-attacks with incident response plans in place at 77 per cent of local businesses
  • 34 per cent of Australian respondents review and test their incident response plan monthly as businesses move to an ‘expectation of breach’ mentality
  • 27 per cent of organisations take weeks, months or years on average to detect a security incident or breach
  • 84 per cent of Australian organisations spend up to 20 per cent of their overall IT budget on security
  • Among the subset of organisations interrupted due to a security breach, 81 per cent of Australian businesses experienced a ransomware incident within the past year; 51 per cent of Australian organisations who experienced ransomware paid the ransom
  • 44 per cent of Australian respondents identified C-level executives were ultimately held responsible in the event of a cyber security incident
  • Human error or a targeted attack on an employee are cited as the highest risks to IT security by 36 per cent of respondents.